100 DAYS TO GDPR

The General Data Protection Regulation (GDPR) aims to strengthen the protection of personal data. The current data legislation dates back to 1995 with the Data Protection Directive, which lacks harmony and has not evolved to deal with current uses of data, e.g. marketing. The principles remain the same, but the new policy is meant to update standards to fit today’s technology, which has changed dramatically since 1995. With the rise of social networks, there are 3 billion internet users today compared to 16 million 20 years ago. The GDPR affects all businesses operating within the EU: EU companies that process personal data, non-EU companies that offer goods or services to individuals in the EU, and non-EU companies that monitor individuals’ behaviour that takes place in the EU. It will come into effect on May 25th 2018, and we have to make these changes now to ensure that we are compliant.

MAIN CHANGES :

  • CONSENT : Permission and consent are required to send marketing information. The consent must be unambiguous, informed and freely given. Prior to giving consent, data subjects (the individuals whom particular personal data is about) must be informed of the right to withdraw consent at any time, and it must be easy for them to do so. For children under 16, a parent or guardian must give their approval.
  • RIGHTS FOR DATA SUBJECTS : Right to be informed, Right to access, Right to rectification, Right to erasure, Right to restrict processing, Right to data portability, Right to object, Rights in relation to automated decision making.
  • DATA BREACHES : For example, the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data, or human error. There is a new mandatory obligation to notify the regulator of data breaches as soon as possible and not later than 72 hours; if notification is not made within 72 hours, a reasoned justification is needed.
  • ADMINISTRATIVE FINES AND COMPENSATION : Under the GDPR, data subjects will have a right to sue and recover material or non-material damages, e.g. loss of personal data, damage to reputation, loss of confidentiality. The current maximum fines are €3000 but GDPR fines are up to €20 million or 4% of turnover.
  • INCREASED TERRITORIAL SCOPE : The policy applies to all companies processing the data of EU subjects, regardless of the company’s location.
  • PRIVACY BY DESIGN : Data protection has to be included in the initial system design rather than added later.

 

 

KEY ACTIONS TO BE TAKEN

1/ AUDIT :

  • You are required to document what personal data you hold, where it came from and who you share it with.
  • It is recommended to conduct an information audit across the organisation or within particular business areas which need to be GDPR compliant.

2/ IDENTIFICATION :

  • You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  • You should identify the lawful basis for your processing activity in the GDPR, document it and update your notices.

3/ UPDATE DATA PROTECTION POLICY :

  • You should update your procedure for dealing with subject requests to handle them within the new timescales;
  • You should review how to seek, record and manage consent and whether you need to make any changes.
  • You should also put a system in place to verify individuals’ age and to obtain parental or guardian consent for any data processing activity.
  • Finally you should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

4/ UPDATE PRIVACY NOTICES :

  • After updating the data protection policy, it is important to review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  • They have to be concise and in an easy-to-read format with limited legalese.
  • They must include: identity and contact details of the controller and the Data Protection Officer; purposes and legal basis for the processing; recipients of the personal data; retention periods; details on the right to access personal data and to rectify or delete it; right to withdraw consent; …

5/ UPDATE CONTRACTS WITH PROCESSORS AND CONTROLLERS : The contracts must set out:

  • The subject matter and duration of the processing
  • The nature and purpose of the processing
  • The type of personal data and categories of data subject
  • The obligations and rights of the controller

6/ CONSIDER APPOINTING A DPO :

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure. A Data Protection Officer can be outsourced to assist you in managing your organisation on its journey to becoming GDPR compliant. If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.

7/ TRAINING :

  • You should ensure that everybody is aware that the law is changing to the GDPR (mostly decision makers and key people) so they can start identifying areas that could cause compliance issues.
  • You then have to train relevant staff and teach them how GDPR affects their role.

 

WHAT PROCUREMENT TEAMS SHOULD DO

Map the flow of personal data through supply chains. Identify recipients of personal data, including sub-processors. Note where and how the personal data is processed.

Identify existing supplier contracts that involve the processing of personal data and review the data protection provisions.

Consider the organisation’s approach to risk with existing and new contracts in relation to GDPR compliance. The financial risks posed by the regulation may change the risk profile of data processing contracts, necessitating a different approach and data security breaches.

Carry out adequate due diligence on new suppliers to check their GDPR compliance, obtain guarantees regarding the measures that suppliers have in place and ensure there are rights of audit within the contract together with the other mandated data processing provisions.

Check whether existing insurance policies will cover data protection and security breaches including breaches by suppliers.

Check internal systems to ensure that processes are in place to enable the organisation to satisfy the 72-hour breach notification requirement.

 

USEFUL GDPR LINKS

For more information: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ or https://gdprandyou.ie/organisations

Are you ready for GDPR? Make sure you have not forgotten anything with this MCQ.

You can also consult the Irish Data Protection Authority website.

Pixalert can help you become GDPR compliant by providing software that locates all credit card data and critical data in your network.

 

To assist you on how to get started and what GDPR means to your business, ISME Skillnet have designed GDPR Preparation training sessions called GDPR Essentials for SMEs specifically aimed at SMEs and business owners.

The first session in this series on Thursday, 15th February in the Clayton Hotel, Liffey Valley, Dublin is already booked out.

Additional sessions will take place in:

The Dun Library, Royal College of Physicians, 6 Kildare Street, Dublin on Wednesday 21st February

Clayton Hotel, Silver Springs, Tivoli, Cork on Tuesday, 6th March

Limerick Strand Hotel, Ennis Road, Limerick on Wednesday 7th March


Ironman – ABC Campaign for Deaf Enterprises

ABC Campaign for Deaf Enterprises (DE)

Mike McGrath, Managing Director of ARVO, has recently been appointed as Chairperson of DE’s voluntary Board of Management and is leading a great team making an impact on the training, skills development and employment opportunities for the Deaf community in Ireland.

Through the ABC Campaign for Deaf Enterprises (DE) we would like to create AWARENESS of DE, then recruit some BENEFACTORS (for their skills/expertise), before Mike undertakes an Ironman CHALLENGE in late September (to raise some much needed funds for DE).

Awareness

Deaf Enterprises is a not-for-profit social enterprise, and Ireland’s only dedicated employer of members of the Deaf and Hard of Hearing (D&HH) Community. DE’s current services include Furniture Re-Upholstery, such as Seat and Couch re-covering, Vintage Car, Motorbike, Marine, Boat and Leisure Craft upholstery and bespoke Cushion manufacturing made to order, as well as French Polishing for Tables, Chairs, Novelty Chairs, Dressers etc.

Benefact

Fundraising is a full-time activity for all charities and DE have recently started a Development Committee to research donations to improve the working environment of our workshop. However, my ask here is not for cash but for you to consider acting as a Benefactor to volunteer your skills and expertise to DE on a once-off or ongoing basis – you decide. Your knowledge, skills and expertise will have a significant impact on DE, so take note of our wish list here, outlining the skilled and professional help we require, to support the sustainability of DE and our unique role in the Deaf Community.

Challenge

Mike on participating in Ironman:

“I challenged myself in 2017 to complete an Ironman Triathlon in less than 12 hours – quite ambitious since I have never swum 3.8KM, I have never cycled 180KM or run a marathon (42KM) so it is an epic challenge to undertake all in one day (Ironman Barcelona on September 30th). I bought my first road bike 2 years ago (and started cycling with the Ironmen of Ballincollig), while I ran my first road race in March this year (Ballycotton 10 Mile) but I am motivated to complete this challenge as I am lucky to have the opportunity to raise Awareness and Funds for Deaf Enterprises”

You can keep an eye on Mike’s training log here but more importantly, please donate and support his challenge here: https://www.idonate.ie/fundraiser/11366084_mike-mcgrath-s-ironman-attempt-for-deaf-enterpises.html

 

 

 

Thank you in advance for raising awareness of Deaf Enterprises, while supporting in cash or in kind, so that we can continue to remove the communication barriers with the Deaf Community and provide direct/indirect employment opportunities for at least 30 more years (considering DE’s upcoming 30 Year Anniversary).

 

Feel free to contact DE with your Furniture queries at www.deafenterprises.ie or simply promote DE on Facebook to create awareness of our excellent services (which will sustain the employment of our 22 person team).

PS: All donations of €10 or more will be entered into a draw for a signed Cork City FC jersey.

Procurement Training

Empowering & Transforming the Procurement Professional

 

Arvo, in partnership with IDD Consult, offers tailored training to meet the needs of buyers, from those beginning their procurement career through to seasoned practitioners. We develop the mindset, toolset and skillset of commercial buyers to ensure you are armed to deal with the growing demands in your role, e.g. risk, savings, technology and compliance.

 

The first step is to assess your current procurement ways of working across 5 different levers – process, people, technology, knowledge and culture, which will diagnose an appropriate Training Plan, leading to appropriate avenues such as workshop training, Certificate/Degree/Masters Qualifications etc. We develop bespoke courses specifically to your needs, built on this initial self assessment of your procurement competencies.

 

We will empower you and your team to make the process of procurement leaner, smarter, better and develop the procurement department as a hub of trusted advisers for internal stakeholders, suppliers and customers.

Tailor-made courses are designed to meet the specific challenges, requirements or opportunities for your staff and business.
Our bespoke courses can range from specific competencies development, operational process optimisation to strategic procurement transformation.
They can be delivered to suit your preferred location and dates, and are very cost-effective when more than 6 attend the workshop.

 

As always, if you have any queries regarding the above, don’t hesitate to contact us.

Origin Green Application Help

Origin Green is Ireland’s food and drink sustainability programme with a vision that Irish food and drink becomes the first choice globally because it is sustainably produced by people who care. It helps Ireland produce more food from fewer resources and makes great business sense.

 

With climbing energy costs, increased carbon regulation and social responsibility, plus frequent price hikes in global commodities, the demand for sustainable food and beverage producers worldwide has never been higher. International trade customers are actively seeking to align with a sustainable food and beverage supply chain, and Origin Green supports that common goal of sustainable food production.

 

Are you interested in applying for Origin Green membership?

Have you time to write the 50-60 page application?

Have you the resources to create a 10,000 word proposal?

Do you want professional writing assistance to ‘get this over the line’?

 

If so, Arvo can help. We are expert Tender writers and have supported local food businesses with their Origin Green applications. Writing great proposals is a critical skill for all food businesses to document your current ways of working and gain support for your future plans. Your ideas or suggestions are more likely to be approved if you can communicate them in a clear, concise, engaging manner. Knowing how to write a persuasive, captivating proposal is essential for success within Origin Green, so contact Arvo today to discuss your Origin Green plans or get started with the Origin Green form online here.

 

It is important to note that Origin Green works in a different way for farmers and food businesses. For farmers, participation in Bord Bia’s Sustainable Assurance Schemes ensures membership of the programme. Quality Assurance plays a fundamental role in promoting food and horticulture and provides the platform for consumer promotion of product quality. Bord Bia operates a series of quality assurance schemes for the food industry. The schemes are built on best practice in farming and processing, current legislation, relevant industry guidelines and international standards, and are accredited to ISO17065/2012. The schemes are as follows:

  • Sustainable Beef and Lamb Assurance Scheme (SBLAS)
  • Meat Processor Quality Assurance Scheme (MPQAS)
  • Feed Quality Assurance Scheme (FQAS)
  • Sustainable Horticulture Assurance Scheme (SHAS)
  • Pigmeat Quality Assurance Scheme (PQAS)
  • Poultry Products Quality Assurance Scheme (PPQAS)
  • Sustainable Dairy Assurance Scheme (SDAS)
  • Sustainable Egg Assurance Scheme (SEAS)

 

Similarly, please contact Arvo to discuss how we can help your Quality Assurance Scheme application.