Data Protection Solicitors

What is Data Protection?

Data protection is a prominent feature in the modern-day running of a business. The General Data Protection Regulation (GDPR)came into force in 2018 and increased the obligations and responsibilities for businesses in how they collect, use and protect personal data. We can give you guidance on the best practices to use to ensure you are meeting your obligations in being fully transparent about how you are using and safeguarding personal data, and demonstrating accountability for your data processing activities.  

It is important for you as a business to understand what personal data is. It is data that relates to or can identify an individual either by itself or together with other available information and it can include a name, address, contact details, an identification number, CCTV footage, audio recordings of a person and location data. It is also advisable to have an idea of the key terms used to describe the parties involved. The business you run which handles this data is known as the controller, the individual who processes the information on behalf of you as the data controller is known as a processor and the data subject is the individual which the personal data relates to. There are a number of obligations, outlined below, that you have when handling their information that we can advise you on.  

Data protection solicitors


Make a Free Enquiry

Call us Now on 061 513113, email or complete our Free Online Enquiry form for a free, no-obligation discussion and let us explain your legal options

Data Protection Obligations

The obligation to lawfully process personal data: 

Your business may only use or keep personal data where there is a lawful reason and there are six standard lawful reasons which you can use. These include that you have been given free and informed consent from the individual, the processing is necessary for you to carry out a contract for example, a delivery of a product, the processing is necessary for you to comply with a legal obligation like the collection of details for anti-money laundering purposes. We can offer advice if you are unsure whether your reason for processing personal data falls under the six reasons set out by the GDPR.  

The obligation to design and operate appropriate processing systems: 

Data protection measures must be included when any system is being designed by your business and systems you set up should be data protection friendly. Essentially, you should ensure only necessary personal data is collected, that it is kept for the minimum period necessary and that an individual is not automatically opted-in to any unnecessary processing. You can apply for certification in Ireland from the Data Protection Commission, which will demonstrate that your business processes are designed to comply with the GDPR. 

The obligation to use processors that meet the requirements of the legislation: 

If processing is carried out by a processor and not your business, the controller, you must use only processors who guarantee that their systems of processing meet the requirements of the Regulation. Examples of processors include payroll companies, accountants and market research companies. You must have a contract with the processor setting out the scope of the processing required. We can also assist in drawing up such a contract.  

The obligation to keep records: 

If your business has more than 250 employees, or it processes sensitive information, you must keep a record of the processing activities and they can be inspected by the Data Protection Commission on request. 

The obligation to keep data secure: 

As the title suggests, you have an obligation to keep personal data secure. You must also ensure that any employees do not access or process any data unless they are required to do so. You should consider implementing modern security measures to combat the risks involved in this area. 

The obligation to report data breaches: 

You must notify the Data Protection Commission of a personal data breach where it is a likely to result in a risk to the rights and freedoms of the data subject, where bank details are stolen for example. Notification should be made within 72 hours. You must also notify a data subject of the breach in clear language. 

The obligation to carry out data protection impact assessments: 

If you intend to carry out high-risk processing, you must first carry out a data protection impact assessment. This type of processing can include using new technology and processing large amounts of sensitive personal data. 

The obligation to appoint data protection officers: 

Data protection officers must be appointed if your business’ core activities consist of processing that requires regular and systematic monitoring of data subjects on a large scale or of special categories of personal data or data relating to criminal convictions and offences. There are a number of requirements for these data protection officers to meet and tasks they must complete which we can guide you on. 

There are also obligations to comply with codes of conduct and certification and relating to transferring data outside the EU which we offer advice on. Your convenience is important to us and we aim to minimise the amount of time you have to spend on the process. We offer video calls to save you from travelling to meet us and you can meet us at times convenient to you.  

One of the best things I experienced was the personal touch. It can be daunting dealing with solicitors and I never felt like a hindrance. Gary was always available on the phone and email for me and always responded very quickly.


SOS Legal will be my go to solicitors going forward. Gary was absolutely fantastic all throughout the process. He was professional, responsive and proactive. He guided us through the process step by step and clarified everything down to details. Simply to say, he made the whole process seamless and somewhat easy which we really appreciated.


Extremely impressed with the level of service from Shanahan O’Sullivan. Gary was excellent in explaining what was required and what he could do to assist us. His communication was always clear, detailed and to the point. He made the process extremely easy and straightforward. I would have no hesitation in recommending them to others.


Subject Access Requests

Another area concerning data protection we can help advise on is how to deal with subject access requestsA Subject Access Request can be completed by any individual to obtain all, or some, data held by a data controller about them. 

Data Protection Solicitors

Make a Free Enquiry

Call us Now on 061 513113, email or complete our Free Online Enquiry form for a free, no-obligation discussion and let us explain your legal options

Gary O’Sullivan

Solicitor, Head of Department

Explore Our Services

Advance Healthcare Directives

Business Services



Employment Law for Employees

Enduring Power of Attorney

Personal Injury Claims

Probate & Estate Administration


Make A Free Enquiry

“Call +353 61 513113 or your local office or complete this Short Enquiry (no cost or obligation)”


What Clients Say

Click to read more>>

Why Choose Us

Solicitors Ireland
STEP Solicitor Ireland


We donate a minimum of 5%of profits
to charity. Learn More about our ethos here.

Helping Clients
Throughout Ireland