GDPR (General Data Protection Regulation)
GDPR (General Data Protection Regulation) places direct data processing obligations on businesses and organisations at an EU-wide level.
According to the GDPR, an organisation can only process personal data under certain conditions. For instance, the processing should be fair and transparent, for a specified and legitimate purpose and limited to the data necessary to fulfil this purpose. It must also be based on one of the following legal grounds.
- The consent of the individual concerned.
- A contractual obligation between you and the individual.
- To satisfy a legal obligation.
- To protect the vital interests of the individual.
- To carry out a task that is in the public interest.
- For Casadh’s legitimate interests, but only after having checked that the fundamental rights and freedoms of the individual whose data we process are not seriously impacted.
Casadh intends to meet all relevant (GDPR) Data Protection, privacy and security requirements, whether originating from legal, regulatory, or contractual obligations.
Casadh intends to meet all relevant Data Protection, privacy and security requirements, whether originating from legal, regulatory, or contractual obligations.
The Data Protection Policy Document sets out Casadh’s policy regarding Personal Data collection/processing/sharing for all staff particpants and Volunteers
Casadh also embraces Privacy by Design and Privacy by Default principles in all its services and functions both current and future. This ensures that the public can maintain a high level of trust in Casadh’s competence and confidentiality while handling data.
Casadh shall be responsible for, and be able to demonstrate compliance with, the following key principles: Personal Data shall only be processed fairly, lawfully and in a transparent manner
Personal Data shall be obtained only for specified, explicit, lawful, and legitimate purposes, and shall not be further processed in any manner incompatible with those purposes
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Personal Data shall be accurate, and where necessary kept up to date
Personal Data shall not be kept in a form which permits identification of a data subject for longer than is necessary for the purposes for which the Personal Data are processed
Personal Data shall be processed in a secure manner, which includes having appropriate technical and organisational measures in place.
Data Subjects Rights
Right of Access
Right to Rectification
Right to Erasure (sometimes referred to as the Right to be Forgotten)
Right to Restriction of Processing
Right to Data Portability
Right to Object to Direct Marketing
Right to Object to Automated Decision Making, including Profiling