If customers give their personal data to your business then you hold a legal obligation to keep their details private and secure. Irish data protection legislation regulates the collection, storage and usage of personal data.
Robert Haniver of Mason, Hayes & Curran gives an introduction to the legal responsibilities of businesses when holding customer data.
“Whether you have customers, suppliers or you run employees, the likelihood is you will be dealing with personal data at some stage.”
Robert began his talk by explaining to the participants that if they have customers, suppliers or employees then the likelihood is that they will be dealing with some form of personal data. Personal information is any data in respect of a living individual – in physical or electronic form. Robert explained that a company dealing with personal data may be a data controller, a data processor or both. Robert then explained the rules concerning the collection of ‘basic information’ and ‘Sensitive Personal Data.’ The former requires only ‘implied consent,’ while the latter needs heightened data protection and ‘explicit content’ to obtain. Basic information could be names and email addresses collected for a mailing list while Sensitive Personal Data could include details about race, political and religious beliefs, health information, past criminal convictions, and membership of trade unions.
Robert explained that businesses need prior consent before sending marketing material to an individual who is not a present or past customer. It’s important to be aware that marketing material may be sent to a current or recent customer provided you include an opt out facility.
The following podcast contains Robert’s talk on Data Protection from the video above but also has a valuable Questions and Answers at the end of the session
Apologies in advance for the low volume, we will improve this for future podcasts.
For more about the 8 principles of Data Protection in Ireland see:
“Data Protection Acts 1988 and 2003: A Guide for Data Controllers,” Irish Data Protection Commissioner, accessd July 27, 2015, https://www.dataprotection.ie/docs/A-Guide-for-Data-Contollers/696.htm.