Legal Information

Our preparation for GDPR

Our project team continues to work proactively to ensure readiness for GDPR implementation in May 2018.

This project is controlled by way of a formal Project Team, which reports in detail on a monthly basis to our Senior Management Team.

We have initiated a comprehensive four stage program of preparation activities that will help us with GDPR compliance and the appropriate protection of client and staff data.

  • EDUCATION
    We have held internal awareness sessions for senior management, stakeholders and staff.
  • DISCOVERY
    We are in the process of carrying out an Impact Assessment so as to understand and document all personal data processing activities.
  • PLAN
    Where processes can be improved we are documenting our proposed change activities.
  • MAINTAIN
    We are ensuring that all appropriate technology, process and policy is in place both to meet the May requirements and to act as our future Information Governance foundation platform.
Service Contracts

As a Data Controller we intend to use the existence of a contract with our customers and service providers (which detail the processing activities) as the basis for the data processing we undertake. It is therefore essential that we have a contract in place with all customers and third party processors; and updated data protection clauses incorporated as specified by Article 28 of the GDPR. Where this is applicable we will be in contact with service providers over the next few months.

Customer/Employee Rights

GDPR provides the following rights for individuals:

  • Article 15 – Right of access by the data subject
  • Article 16 – Right to rectification
  • Article 17 – Right to erasure (right to be forgotten)
  • Article 18 – Right to restriction of processing
  • Article 19 – Right of recipient notification
  • Article 20 – Right to data portability
  • Article 21 – Right to object
Privacy Notices

The content of our Privacy Notices is under review and will be updated appropriately informing clients of their rights and how we intend to process their data. This will include information as to how to submit an Access Requests (SAR) and who to contact.

Data Breaches

We already have a process for breach reporting that tracks the lifecycle of a data breach from the initial report through to Risk and Compliance team review. This process is being reviewed and tested so as to ensure is robust enough for GDPR requirements.

Data Protection Officer

We will be appointing a Data Protection Officer that reports directly to our Executive.

Asset Registers

We have undertaken a wide scale review of the systems and processes that we use for customers and staff data processing. We are in the process of documenting these systems, enabling our Data Protection Officer to ensure that all appropriate technical and organisational measures are in place.

Data Protection by Design

This is a general obligation to implement technical and organisational measures to demonstrate that data protection has been considered and integrated into our data processing activities; this also includes the good practice of undergoing a Data Protection Impact Assessments (DPIA). We are also implementing a new DPIA requirement for all future IT projects and process changes.

Further Information on our GDPR preparations

For further information please contact:

Clive Bush
Business Development Director
cbush@amari-metals.com

Registered Office

Amari House
Fonthill Industrial Park
Clondalkin
Dublin 22.

Amari Ireland Limited
Registered in Ireland
Registration number 42861.

PDF Reader Software

Certain files on this page will require the Adobe Reader software. We recommend using the latest version if you don't already have it. Click on the "Get Adobe Reader" image below to download the latest version now.