GDPR Protocol

GDPR Protocol Tissue Viability Nurse’s Association of Ireland

Introduction

The EU General Data Protection Regulation (GDPR) came into effect on May 25th 2018. GDPR and specific Irish law (the Data Protection Act 2018) give more rights to individuals and place certain obligations on organisations, in terms of accountability and transparency, when using and storing personal data.

1. Purpose and Scope

This protocol outlines how the Tissue Viability Nurse’s Association of Ireland is compliant with General Data Protection Legislation. It ensures the protection of personal data processed by the TVNAI in its role as a professional association. This protocol applies to all TVNAI members, partners and contractors who handle personal data.

The purpose of this protocol is to explain how the Tissue Viability Nurse’s Association of Ireland collects, uses, stores and shares your personal data. It also explains your rights in relation to the personal data we hold.

2. Definitions 

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The individual to whom the personal data pertains.
  • Processing: Any operation performed on personal data such as collection, storage, use or deletion. 
  • Data Controller: The TVNAI, which determines the purpose and means of processing personal data.
  • Data Processor: Any party processing data on behalf of the TVNAI.

3. Data Protection Principles

The TVNAI adheres to the following principles:

  1. Lawfulness, Fairness & Transparency: Personal data is processed lawfully, fairly and transparently.
  2. Purpose Limitation: Data is collected for specified, explicit and legitimate purposes.
  3. Data Minimisation: Only data necessary for the stated purposes is collected.
  4. Accuracy: Data is kept accurate and up to date.
  5. Storage Limitation: Data is retained only as long as necessary for its purpose.
  6. Integrity and Confidentiality: Data is processed securely to prevent unauthorised access, loss or destruction.

4. Legal Basis for Processing

The TVNAI processes personal data based on one or more lawful grounds, including:

  • Consent: Clear, informed consent obtained from data subjects.
  • Contractual Necessity: Data required for membership agreements or service provision.
  • Legal Obligation: Compliance with legal or regulatory requirements.
  • Legitimate Interest: When processing is necessary for the TVNAI’s legitimate interests, provided it does not override data subjects’ rights.

5. Data Subject Rights

The TVNAI upholds the rights of data subjects, including:

  1. Right to Access: Individuals can request a copy of their personal data
  2. Right to Rectification: Correction of inaccurate or incomplete data
  3. Right to Erasure: Deletion of personal data under specific circumstances
  4. Right to Restriction: Limitation of data processing
  5. Right to Data Portability: Transfer of data to another controller upon request
  6. Right to Object: Objection to processing based on legitimate interests or direct marketing
  7. Right to Withdraw Consent: Revocation of previously granted consent

 

6. Data Security Measures

The TVNAI implements robust measures to safeguard personal data:

  • Encryption and secure storage of sensitive data
  • Access control measures to ensure only authorised personnel access data 
  • Regular audits and security assessments
  • Incident response plans to address data breaches promptly

 

7. Data Breach Management

In the event of a data breach:

  • The TVNAI will notify the Data Protection Commissioner (DPR) within 72 hours if the breach poses a risk to the individual’s rights and freedoms
  • Affected individuals will be informed without undue delay if the breach is likely to result in high risk to their rights
  • A breach register will be maintained for record keeping and compliance purposes

 

8. Third Party Processors

When engaging third-party processors, TVNAI ensures:

  • Written agreements are in place that outline GDPR compliance obligations
  • Regular reviews and audits of third-party practices

 

9. Data Retention Policy

  • Personal data will only be retained for as long as necessary to fulfil its purpose
  • Data retention periods will align with legal and regulatory requirements
  • Records will be securely disposed of when no longer needed

 

10. Governance and Accountability

  • A designated Data Protection Lead oversees GDPR compliance
  • Regular training is provided to staff and members on data protection principles
  • Policies are reviewed annually to ensure continued compliance

 

11. Contact Information

  • For GDPR related queries or to exercise your data rights, contact: Data Protection Lead, Tissue Viability Nurse’s Association of Ireland (TVNAI).
  • Email: admin@tvnai.ie 

 

This protocol ensures the TVNAI meets its legal obligations under GDPR while maintaining the trust of its members and stakeholders.