General Data Protection Regulation [GDPR]
Glossary of Terms and Definitions in relation to GDPR
The General Data Protection Regulation (GDPR) is the European Union’s far-reaching data protection law that came into force on 25th May 2018. Its primary goal is to strengthen individuals’ rights and reshape how organisations across the EU handle personal data. The introduction of GDPR has significantly changed the landscape of data privacy, placing greater responsibility on employers and organisations to ensure the secure and lawful handling of employee and customer data.
Under GDPR, employers—referred to as “Data Controllers”—must follow strict legal obligations when collecting, storing, or processing personal data. The regulation requires that all personal data be collected for a clear, lawful purpose, stored securely, and kept only for as long as necessary. Key principles include data minimisation, lawful processing, and accountability. GDPR also introduces new rights for individuals, including the “right to be forgotten,” meaning personal data can be deleted upon request if no legal grounds exist to retain it.
Failing to meet GDPR requirements can lead to severe penalties, with fines of up to €20 million or 4% of a company’s global annual turnover—whichever is higher. As such, data protection is no longer optional; it is now a legal necessity.
Individuals whose data is processed—such as employees, customers, or contractors—are now known as “Data Subjects.” Their rights under GDPR include access to their data, the right to rectification, the right to object to processing, and the right to erasure. Consent for data processing must be explicit and freely given, and companies must be prepared to act quickly in the event of a data breach.
Security is no longer just a best practice—it is a legal requirement. Organisations must implement robust data protection policies, risk assessments, and breach notification procedures. Simply doing the bare minimum is no longer acceptable.
To help Irish employers stay compliant and reduce the cost and complexity of GDPR readiness, The HR Company has partnered with CSR to offer an affordable, easy-to-use GDPR compliance solution. With the CSR uRISQ+ Premium, companies can assess their data protection practices and become compliant for as little as €50. Discounts are available for businesses currently subscribed to our HR services, and the suite is also accessible to non-clients.
The CSR Readiness platform helps businesses identify vulnerabilities, improve data security, and prepare for any potential future data breaches. Whether you’re a small business or a growing organisation, The HR Company and CSR are here to support you throughout your data protection journey.
We also offer free GDPR resources for both employers and employees, including practical guides, FAQs, and compliance checklists.
Need support? Visit our dedicated Data Protection website at thegdprcompany.ie, explore our free tools, or contact our team today to find out how we can help you become and stay GDPR compliant.