Policies

As the nation's leading provider of business, consumer data and information management services, we are committed to our responsibilities under data protection legislation, including the General Data Protection Regulation which comes into force on 25th May 2018.

What is GDPR

The General Data Protection Regulation (“GDPR”) is a new European privacy regulation which will replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR aims to enhance the current Directive to strengthen the security and protection of personal data in the EU and harmonize data protection legislation throughout the EU.

How does the GDPR apply to Data Ireland’s products?

We use consumer and business names and addresses which is defined as personal data and data protection legislation, including the GDPR, therefore applies to our products.

How has Data Ireland been preparing for the GDPR?

We have prepared the following overview for potential clients and data subjects describing our products and outlining the measures we have taken to achieve compliance with existing legislation and the GDPR.

What personal data do you hold?

• Contact information
• Marketing preferences
• Marketing activities
• Lifestyle data
• Age Category
• Place of Residence
• Family Composition
• Household Income

We may obtain Personal Data from the following sources:

• our websites at www.dataireland.ie and www.business.ie (the “Websites”); and
• email;
• telephone surveys and calls, directly or through third parties working on our behalf to update our databases;
• from businesses in respect of individual contact details within such businesses; and
• data brokers who have obtained consent to use personal data for third party marketing purposes.

What legal basis do you have for processing this data?

Justification for processing Personal Data:

• Where necessary for performing a contract for which personal data is required to fulfil the requested services;;
• The data subject’s consent (where he/she voluntarily gives consent to provide us or a third party with his/her Personal Data ); and
• Where necessary for the purpose of our legitimate interests or those of a relevant third party.

Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using Personal Data, our legitimate interests will usually be:

• pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing or conducting market research);
• compliance with applicable legal and regulatory obligations;
• development of any guidelines, improvement and development of business operations and service offerings;
• conducting analytical and statistical research and profiling.

How do you monitor compliance?

As most of the Personal Data we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Data is kept secure. For example, we use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. We use electronic access cards with secret PIN to manage access to all areas in our premises. We also train our staff regularly on data protection and information security.

For all other queries on data protection, please contact our Data Protection Officer at:

datacompliance@dataireland.ie