By Published On: September 21, 2022Categories:

Cuisque cur sus metus vitae sed pharetra auctor semy massa interdum magna augue eget diam. Vestibulum ante ipsum faucibus luctus ultrices posuere cubilia. Vestibulum lacinia arcu eget nulla. Quisque volutpat ipsum condimentum velit. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, urna non tincidunt mattis, tortor neque adipiscing diam acd cursus ipsum ante quis turpis. Nulla facilisi ut fringilla suspendisse potenti.

  • Supported business with intelligence magna luctus suscipits
  • Private funds granted with help of Govt augue congue elementum

  • Increase efficiency and achieve better sales venenatis tristique dignissim
  • Vestibulum tincidunt malesuada tellus ultrices ultrices enim
impactful relations

Set vitae pharetra auctor dui mattiy sed interdum

years of experience

Set vitae pharetra auctor dui mattiy sed interdum

top rated services

Set vitae pharetra auctor dui mattiy sed interdum

Class aptent taciti sociosqu ad litora torquent per conubia nostra per inceptos himenaeos. Curabitur sodales ligula in libero. Sed dignisim lacinia nunc. Curabitur tortor. Pellentesque nibh. Aenean quam. In scelerisque sem at dolor. Maecenas mattis. Sed convallis tristique sem. Proin ut ligula vel nunc egestas porttitor. Morbi lectus risus, iaculis vel, suscipit quis, luctus non, massa. Fusce ac turpis quis ligula lacinia aliquet. Mauris ipsum. Nulla metus metus ullamcorper vel tincidunt sed euismod and nibh.

Driving success to your business

Quisque volutpat condimentum velit. Class aptent taciti sociosqu  litora torquent per conubia nostra, per inceptos himenaeos. Nam nec ante. Sed lacinia, urna non tincidunt mattis, tortor neque adipiscing diam, a cursus ipsum ante quis turpis. Nulla facilisi. Ut fringilla. Susp endisse potenti. Nunc feugiat mi a tellus consequat imperdiet. Vestibulum sapien. Proin quam. Etiam ultrices. Suspendisse in justo eu magna luctus suscipit sed lectus.

Passionate - Dedicated - Professional

Recently completed projects

    You need to approach this in a logical, rational way from the start so you don’t go insane later.

    In a previous article, I discussed the factors you should consider when deciding whether you want to work on your GDPR compliance in-house or outsource it, as well as the advantages of doing this yourself.


    How to do it in-house

    To become compliant, you need to know the ‘what’ of compliance and the ‘how’ of compliance.

    1. The ‘What’ of compliance

    You can’t be compliant if you don’t know what compliance actually means. You need to get a firm grasp of the core requirements of GDPR.

    2. The ‘How’ of compliance

    When you know what compliance means, you need to figure out how you can get there.


    Learning the ‘What’ of compliance

    You need to be knowledgeable about the requirements of GDPR.

    There are many ways to learn the specifics of GDPR, including:

    1. In-person training

    The fastest way to get clarity about GDPR is to attend in-person training.

    Yes, you can learn about GDPR online but it’s a slower process. It’s more difficult to get answers to your specific questions. It can also be difficult to know whether what you are reading is black-and-white fact or just the opinion of someone who is not fully informed.

    There are many training options out there, depending on whether you to get formally certified as a data protection professional or if you just want to just learn the key elements of GDPR.

    For formal certification in Ireland:

    Your options include:

    • Certified Information Privacy Professional (Europe) through the International Association of Privacy Professionals
      CIPP/E training is performed over 2 consecutive days. You take an online exam at a time that suits you, usually within 6 months of the training course. I am somewhat biased about this as I am a trainer for IAPP in Dublin. But even before I became a trainer, I found that CIPP/E was the most recognised global certification available. For more information on CIPP/E, go to https://iapp.org/certify/cippe/. If you are interested in attending the next course in Dublin, contact IAPP’s Irish training partner, Colleary & Co – info@collearyandco.com
    • PDP Training
      Training is performed over 5 days, followed by an exam. I have paid to attend a few of these modules that covered specific topics such as subject access requests. Personally, I’d recommend any modules run by Paul Lavery of McCann Fitzgerald. More information is available at https://www.pdp.ie/training/list-of-courses
    • Certified Data Protection Officer through UCD and the Association of Compliance Officers
      Training is performed on UCD’s campus on a number of Saturdays over a period of a few months. This is followed by a closed-book exam. This was the first certification route that I took and I found it to be an excellent way to learn about data protection. The certification is accredited through UCD which helps to prove this is an in-depth course. More information is available at https://www.acoi.ie/education/qualifications/professional-certificate-in-data-protection/
    • The Law Society of Ireland
      I don’t have personal experience of this course but I believe it is held in-person and online in the evenings. Many of the trainers are very well-respected in the industry so I don’t doubt the quality of this certification route. More information is available at https://www.lawsociety.ie/productdetails?pid=1331
    If you just want to get trained in GDPR without formal certification:

    There are many training options out there. For example, you can attend some of the modules of the PDP course.

    I may also be able to help you.

    • If it’s just one or two of you:
      I run training sessions in the M50 / West Dublin / North Kildare area on a bi-monthly basis. The session enables you to get trained alongside other businesses. The cost for the half-day session is €295 per attendee.
    • If there’s more than a couple of you and you are in the M50 / Dublin / Kildare area:
      I can run a half-day training session in your offices – Read more about this option.

    2. Online training

    If in-person training is not an option, you may find online training courses available on sites such as Udemy.com or Teachable.com.

    At the moment, I can’t vouch for the quality of these courses. If the tutor is qualified and experienced, they are probably worth a look.

    I am currently developing an online course to cover the essentials of GDPR. If you are interested in hearing more and want to get an early bird discount when it launches, just let me know.

    3. Trustworthy online sources

    After you have been trained, you will still need access to guidance on an ongoing basis.

    Do not rely on Google to figure out the answers for your GDPR questions.

    Seek authoritative sources.

    The text of GDPR and local laws

    If you have a question about GDPR, you should look at the text of GDPR to see if it can give you a clear answer. The best online source is at https://gdpr-info.eu/.

    If you are an organisation established in Ireland, the Irish legislation to enact GDPR is the Data Protection Bill 2018. It’s heavy reading but it’s still useful to access it when you want to understand how the law looks in Ireland: https://data.oireachtas.ie/ie/oireachtas/act/2018/7/eng/enacted/a0718.pdf

    The data protection regulators

    The Irish regulator’s site is a good source, even if the site design seems dated these days – www.dataprotection.ie

    They also have a site dedicated to GDPR that is worth a look – www.gdprandyou.ie.

    For some juicy insights, the site also includes case studies of how organisations got things wrong. The site categories the cases by topic – e.g. direct marketing, CCTV – https://www.dataprotection.ie/docs/Case-Studies/945.htm

    The ICO (the UK data protection regulator) is also pretty good at publishing guidance on their www.ico.org.uk site. (Just be mindful that if they talk about ‘local’ or ‘national’ law, they are talking about UK law. Irish law may differ.)

    Data protection consultancy & legal firms

    Look for articles written by people who work in the area of data protection.

    In my experience, Twitter and LinkedIn can be better sources than blogs for this type of material. (Given I write articles on this blog and seldom use social media, is this ironic?)

    Data protection industry bodies

    I also have to mention the International Association of Privacy Professionals (IAPP) as a great source of material. And not just because I am one of their CIPP/E trainers in Ireland!

    Personally, I have gained huge value from IAPP’s articles, white papers, webinars and other material. You don’t need to become a paid member to access a lot of the material.

    Take a look at www.iapp.org.


    Deciding the ‘How’ of compliance


    Now that you know it, it’s time to do it.

    When you have a clear sense of what compliance requires and how you are going to comply, you need to get on with it.

    This is where the theory meets reality, and insanity kicks in.

    The causes of insanity when you do it yourself

    There are many reasons why you may feel like you are going insane while you try to do this yourself:

    1. GDPR is seldom black-and-white

    GDPR is principle-based. It lacks the specifics of how you should apply these principles to your real-world scenarios.

    If you don’t found trustworthy sources for guidance, you may find contradictory answers online.

    You’ll start to wonder if you are doing this right.

    You will start to doubt every decision you make.

    2. It seems like an ever-growing mountain of work

    As you deal with one compliance gap, you may identify many more gaps that you hadn’t previously considered.

    The list of things on your to-do may just seem to get longer.

    Your motivation will drop when the list just keeps growing.

    This will feel like a never-ending story.

    3. Your ‘real’ job takes over

    If you are trying to do this alongside your other responsibilities, your ‘real job’ will take over.

    It is inevitable: There is always a bigger fire to fight, or a more pressing item to address.

    GDPR will keep getting parked until ‘tomorrow’.

    But tomorrow will be just like today.


    How to avoid the insanity

    Doing this yourself does not mean doing it alone

    Let’s revisit the two things I said you will need in order to get this done:

    1. Data protection knowledge
    2. Implementation experience

    If you find yourself struggling, it may mean you need help with one or both of these.

    This is nothing to be stressed about. You can’t have all the answers when you give this a go for the first time.

    Remember what it was like when you first tried to drive a car?

    The insanity of steering while trying to operate a clutch and find a gear (any gear), all the while looking out for lunatics in bikes?

    But, with the right support, it became second nature to you.

    If you’re struggling because you lack data protection knowledge

    It may be worth getting support from someone who has the knowledge. They will be able to answer your questions quickly so you don’t lose your mind reading contradictory opinions online.

    If you’re struggling because the list seems to be endless or your ‘real’ job is taking priority

    The problem is not a lack of knowledge. It’s a problem of getting things done.

    It may be worth getting help from someone who has previous experience implementing change in a business. This someone should know how to create and manage a realistic schedule of activities, how to get the right people in a room to get things done, and how to escalate matters if things are not going well.

     

     

     

    You need to approach this in a logical, rational way from the start so you don’t go insane later.

    In a previous article, I discussed the factors you should consider when deciding whether you want to work on your GDPR compliance in-house or outsource it, as well as the advantages of doing this yourself.


    How to do it in-house

    To become compliant, you need to know the ‘what’ of compliance and the ‘how’ of compliance.

    1. The ‘What’ of compliance

    You can’t be compliant if you don’t know what compliance actually means. You need to get a firm grasp of the core requirements of GDPR.

    2. The ‘How’ of compliance

    When you know what compliance means, you need to figure out how you can get there.


    Learning the ‘What’ of compliance

    You need to be knowledgeable about the requirements of GDPR.

    There are many ways to learn the specifics of GDPR, including:

    1. In-person training

    The fastest way to get clarity about GDPR is to attend in-person training.

    Yes, you can learn about GDPR online but it’s a slower process. It’s more difficult to get answers to your specific questions. It can also be difficult to know whether what you are reading is black-and-white fact or just the opinion of someone who is not fully informed.

    There are many training options out there, depending on whether you to get formally certified as a data protection professional or if you just want to just learn the key elements of GDPR.

    For formal certification in Ireland:

    Your options include:

    • Certified Information Privacy Professional (Europe) through the International Association of Privacy Professionals
      CIPP/E training is performed over 2 consecutive days. You take an online exam at a time that suits you, usually within 6 months of the training course. I am somewhat biased about this as I am a trainer for IAPP in Dublin. But even before I became a trainer, I found that CIPP/E was the most recognised global certification available. For more information on CIPP/E, go to https://iapp.org/certify/cippe/. If you are interested in attending the next course in Dublin, contact IAPP’s Irish training partner, Colleary & Co – info@collearyandco.com
    • PDP Training
      Training is performed over 5 days, followed by an exam. I have paid to attend a few of these modules that covered specific topics such as subject access requests. Personally, I’d recommend any modules run by Paul Lavery of McCann Fitzgerald. More information is available at https://www.pdp.ie/training/list-of-courses
    • Certified Data Protection Officer through UCD and the Association of Compliance Officers
      Training is performed on UCD’s campus on a number of Saturdays over a period of a few months. This is followed by a closed-book exam. This was the first certification route that I took and I found it to be an excellent way to learn about data protection. The certification is accredited through UCD which helps to prove this is an in-depth course. More information is available at https://www.acoi.ie/education/qualifications/professional-certificate-in-data-protection/
    • The Law Society of Ireland
      I don’t have personal experience of this course but I believe it is held in-person and online in the evenings. Many of the trainers are very well-respected in the industry so I don’t doubt the quality of this certification route. More information is available at https://www.lawsociety.ie/productdetails?pid=1331
    If you just want to get trained in GDPR without formal certification:

    There are many training options out there. For example, you can attend some of the modules of the PDP course.

    I may also be able to help you.

    • If it’s just one or two of you:
      I run training sessions in the M50 / West Dublin / North Kildare area on a bi-monthly basis. The session enables you to get trained alongside other businesses. The cost for the half-day session is €295 per attendee.
    • If there’s more than a couple of you and you are in the M50 / Dublin / Kildare area:
      I can run a half-day training session in your offices – Read more about this option.

    2. Online training

    If in-person training is not an option, you may find online training courses available on sites such as Udemy.com or Teachable.com.

    At the moment, I can’t vouch for the quality of these courses. If the tutor is qualified and experienced, they are probably worth a look.

    I am currently developing an online course to cover the essentials of GDPR. If you are interested in hearing more and want to get an early bird discount when it launches, just let me know.

    3. Trustworthy online sources

    After you have been trained, you will still need access to guidance on an ongoing basis.

    Do not rely on Google to figure out the answers for your GDPR questions.

    Seek authoritative sources.

    The text of GDPR and local laws

    If you have a question about GDPR, you should look at the text of GDPR to see if it can give you a clear answer. The best online source is at https://gdpr-info.eu/.

    If you are an organisation established in Ireland, the Irish legislation to enact GDPR is the Data Protection Bill 2018. It’s heavy reading but it’s still useful to access it when you want to understand how the law looks in Ireland: https://data.oireachtas.ie/ie/oireachtas/act/2018/7/eng/enacted/a0718.pdf

    The data protection regulators

    The Irish regulator’s site is a good source, even if the site design seems dated these days – www.dataprotection.ie

    They also have a site dedicated to GDPR that is worth a look – www.gdprandyou.ie.

    For some juicy insights, the site also includes case studies of how organisations got things wrong. The site categories the cases by topic – e.g. direct marketing, CCTV – https://www.dataprotection.ie/docs/Case-Studies/945.htm

    The ICO (the UK data protection regulator) is also pretty good at publishing guidance on their www.ico.org.uk site. (Just be mindful that if they talk about ‘local’ or ‘national’ law, they are talking about UK law. Irish law may differ.)

    Data protection consultancy & legal firms

    Look for articles written by people who work in the area of data protection.

    In my experience, Twitter and LinkedIn can be better sources than blogs for this type of material. (Given I write articles on this blog and seldom use social media, is this ironic?)

    Data protection industry bodies

    I also have to mention the International Association of Privacy Professionals (IAPP) as a great source of material. And not just because I am one of their CIPP/E trainers in Ireland!

    Personally, I have gained huge value from IAPP’s articles, white papers, webinars and other material. You don’t need to become a paid member to access a lot of the material.

    Take a look at www.iapp.org.


    Deciding the ‘How’ of compliance


    Now that you know it, it’s time to do it.

    When you have a clear sense of what compliance requires and how you are going to comply, you need to get on with it.

    This is where the theory meets reality, and insanity kicks in.

    The causes of insanity when you do it yourself

    There are many reasons why you may feel like you are going insane while you try to do this yourself:

    1. GDPR is seldom black-and-white

    GDPR is principle-based. It lacks the specifics of how you should apply these principles to your real-world scenarios.

    If you don’t found trustworthy sources for guidance, you may find contradictory answers online.

    You’ll start to wonder if you are doing this right.

    You will start to doubt every decision you make.

    2. It seems like an ever-growing mountain of work

    As you deal with one compliance gap, you may identify many more gaps that you hadn’t previously considered.

    The list of things on your to-do may just seem to get longer.

    Your motivation will drop when the list just keeps growing.

    This will feel like a never-ending story.

    3. Your ‘real’ job takes over

    If you are trying to do this alongside your other responsibilities, your ‘real job’ will take over.

    It is inevitable: There is always a bigger fire to fight, or a more pressing item to address.

    GDPR will keep getting parked until ‘tomorrow’.

    But tomorrow will be just like today.


    How to avoid the insanity

    Doing this yourself does not mean doing it alone

    Let’s revisit the two things I said you will need in order to get this done:

    1. Data protection knowledge
    2. Implementation experience

    If you find yourself struggling, it may mean you need help with one or both of these.

    This is nothing to be stressed about. You can’t have all the answers when you give this a go for the first time.

    Remember what it was like when you first tried to drive a car?

    The insanity of steering while trying to operate a clutch and find a gear (any gear), all the while looking out for lunatics in bikes?

    But, with the right support, it became second nature to you.

    If you’re struggling because you lack data protection knowledge

    It may be worth getting support from someone who has the knowledge. They will be able to answer your questions quickly so you don’t lose your mind reading contradictory opinions online.

    If you’re struggling because the list seems to be endless or your ‘real’ job is taking priority

    The problem is not a lack of knowledge. It’s a problem of getting things done.

    It may be worth getting help from someone who has previous experience implementing change in a business. This someone should know how to create and manage a realistic schedule of activities, how to get the right people in a room to get things done, and how to escalate matters if things are not going well.