SIPTU, representing over 180,000 workers across various employment sectors in Ireland, offers comprehensive support and expertise to facilitate workers’ interactions with employers and governmental bodies. Functioning as an organising union, SIPTU prioritises bolstering collective strength, expanding membership, and fostering engagement among workers. Emphasising unity, the union advocates for a cohesive approach, embodied in the principle of ‘One Big Union,’ which transcends trade or grade differentiations to consolidate power within workplaces.

Challenges we faced

I was appointed as data protection officer on the 21 May 2018, just days before the GDPR legislation was implemented on the 25 May 2018. This left us with very little time to prepare. Our previous data protection issues were predominantly related to subject access requests (SARs), which were handled by our finance function and legal department. Essentially, the only approach we had in place for dealing with data protection was a rudimentary handling of SARs. This immediate and pressing need to comply with GDPR, coupled with our limited experience and systems for managing data protection, underscored the necessity for PrivacyEngine’s products and services.

Solutions we implemented

PrivacyEngine provided practical tools on their platform, which significantly helped in our data protection efforts, even though we didn’t use all of them, such as the subject access request log and the data breach log, preferring to manage these internally. The most beneficial tools for us were the record of processing activities, which is required under Article 30, and the bank of template documents that we could customise for our needs. These tools were instrumental in getting us started on a more organised path towards GDPR compliance.

Moreover, the support function from PrivacyEngine was unparalleled. It wasn’t just about the tools; it was the expert support that came with them. Initially, it was just me in this role, but later I had two support staff. However, the ability to consult with PrivacyEngine’s experts, like being able to pick up the phone and get advice from knowledgeable professionals like Sarah or even Jones after his tenure, was invaluable. This support helped us navigate the complexities of data protection, especially in areas where GDPR was still new and interpretations were evolving.

Results and Looking to the future

The impact of using PrivacyEngine’s products and services has been profound, helping us not just survive the transition into GDPR compliance but also develop our maturity in terms of data protection legislation practices. We have been working with PrivacyEngine on various projects to further this maturity, such as policies, records of processing activities, and staff training. This partnership has helped us bring all aspects of data protection into a more cohesive and mature state within our organisation.

We are now nearly six years down the line, and with PrivacyEngine’s help, we’ve seen ourselves grow and mature in handling data protection. The concept of maturity in data protection is crucial, reflecting a journey from initial compliance to a more integrated, comprehensive approach to data protection. PrivacyEngine has not just been a supplier but a partner in this journey, helping us reach a stage where data protection is part of our organisational culture, and we’re continually improving our practices and responses to data protection challenges.

Quote

“The most beneficial tools for us were the record of processing activities, which is required under Article 30, and the bank of template documents that we could customise for our needs. These tools were instrumental in getting us started on a more organised path towards GDPR compliance.”

  • Audrey Barrett
  • /
  • SIPTU