Do I Need to Update my Data Privacy Policy?
Yes because additional requirements and information need to be complied under GDPR. For example, privacy policies should be in clear and in plain language. Your policy should be concise, intelligent, transparent and made easily accessible to data subjects (such as internal employees, external clients and, where appropriate, the public). Articles 13 and 14 of GDPR set out the information that must be provided to data subjects where their data is obtained:
- Identity and contact details of the controller as well as the contact details of its data protection officer where applicable
- The type of data you hold
- How personal data (including special categories of personal data) is collected?
- How personal data (including special categories of personal data) is used?
- The purpose for collecting and processing data
- Lawful basis for the processing
- The recipients of the data
- Whether data will be transferred outside the jurisdiction
- Whether automated decision–making is used
- Whether the data subject must provide the data
- Data security
- Data retention
- The individuals’ rights of access, correction, erasure, restriction, objection to processing, data portability as well as their right to withdraw consent and to lodge a complaint with the local data protection office
13. What About Revenue Audits?
Revenue audits seek assurances that a business has filed true and correct tax returns based on the information contained in their underlying records. Some of this information may contain personal data, and a client may ask for advice about providing this to Revenue. The position under GDPR is that personal data can be processed and disclosed when it is done in compliance with a legal obligation to which the client is subject. Furthermore, under the Data Protection Act (signed 24 May), the rights of individuals are restricted to the extent that they are necessary and proportionate
(i) the prevention, detection, investigation and prosecution of criminal offences and the execution of criminal penalties or
(ii) for the administration of any tax, duty or other money due or owing to the State or a local authority in any case in which the non-application of the restrictions concerned would be likely to prejudice the aforementioned administration