Skip to content

OneTone Classic


Have you begun your GDPR Journey?

Click Me

Welcome to IDPAA

How are you progressing on your Data Protection Obligations?

The General Data Protection Regulation (GDPR) was the single biggest change in Data Protection Legislation for a generation and it came into force on the 25th of May 2018.

It clearly focuses on the rights of the data subject, security of data, consent, data breaches, Data Protection Officers, processor liability and the requirements of organisations to meet those obligations. The GDPR is applicable to all business from the Small Home Operator, SME to the Large Multi-National and all Public Agencies and Authorities.

The GDPR is a substantial piece of regulation that needs to be met and administered from Board level in an organisation. If an organisation does not meet the regulation the fines are substantive and dissuasive.

People Are Key

As for general recommendations, the IDPAA’s first and last steps towards compliance are the same, people. Whether it’s assigning a Data Protection Officer or offering data protection training to staff, education is crucial.

We believe that your data protection team should be cross-functional, with diverse and varied skillsets. Our aim is to educate organisations and to provide clear guidance on how they should re-evaluate the collection of personal data and the use of same.

The General Data Protection Regulation expects you to use a lot of data minimally. People have happily taken as much information as they could whether they needed it or not. GDPR has challenged this, just take what personal data you need for your processing, not everything under the sun.

Our products and Services

A Wide Range of Services to Prepare you and your Business


This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.

Onsite Training

Training session are classroom style and are interactive and provide real-life situations. All training can be tailored to your specific industry requirements and delivered in-house or at a venue of your choice. Certificate of Attendance and CPD is provide for specific sectors.

Online Training

We have developed a range of online training to help you and your employees comply with the evidential requirements of the GDPR. Our training comes complete with certificates of completion and can also be certified for CPD by a selection of certifying bodies.

Outsource DPO

There is a requirement under the regulation to appoint a DPO if you process, large amounts of personal data or if you are a Government agency. The GDPR provides that DPO’S “shall be designated on the basis of professional qualities and…

read more…

Policies & Procedures

Under the regulation there is a requirement to document and evidence your organisation compliance with the GDRP. IDPAA can support your organisation through the creation and implementation of the following policies:

read more…

Data Protection Impact Assessments

IDPAA can provide guidance on completing Data Protection Impact Assessments including methodologies and templates that are easy to follow

Steps to Compliance

Simplicity is key when navigating the requirements of the General Data Protection Regulation (GDPR) and most of the regulation should be seen as what is just simple common sense. As business owners we can sometimes forget the responsibility of being a care taker to another’s personal data. We often see the data as ours when in fact it’s not.
If you were entrusted to care for another’s precious item, wouldn’t you make sure that you met that trust head on, that you made sure you did all in your power to protect that precious item that was entrusted to you. Personal data is extremely precious, in the wrong hands or neglectful hands it can impact a person’s life significantly.
Deciding to be a trust worthy company is the first step on meeting the regulation and honouring the trust that a data subject has placed in your organisation.

Step 1- Getting your house in order.

What data do you hold? What do you do with the data, Does the Data Subject know what you do with their data and if you share it with any other business? Do you have current Data Protection controls in place or do you not?
What gaps do you have?
Are you processing data fairly, securely, for the purpose it was intended, for the time it was intended to be kept for, do you make it available to the data subject, is it consented, or do you rely or other lawful purposes outside of consent.

Step 2. Found the gaps, issues, concerns- now fix them

DPIA, policy, education of staff, controller/processor contracts, data transfers extra territorial (anything outside the EU) informed consent, transparency, access, data protection officers (if you need one) enhanced security (physical and digital) privacy by design and default

Step 3. It’s in our culture

Arriving at the final step to regulation is a significant move forward, however we cannot just meet compliance by creating the great policy or having latest security software that’s state of the art. Meeting regulation head on requires a cultural change in an organisation. We can be compliant on paper but if we do not live the program we can not ever meet what is required.

What OUR Clients Say

Sincere gratitude to the IDPAA team of highly skilled professionals for their customer-oriented services and training services. No matter how complicated your problem is, their experience, knowledge and skill will help guide you. Many thanks for such careful analysis of the details and comprehensible advises and practical training.

Irish Institute of Credit Management

Weatherglaze acquired the services of Paula & Kevin of IDPAA in 2018 to help us with the transition to GDPR.
With Paula’s extensive expertise in the area we were confident that we had identified the best partner to help us. A clear and detailed plan was communicated and while it did involve a lot of work on our part Paula directed our efforts so that we were able to achieve a significant amount in a short space of time. Paula & Kevin were able to provide a complete service which included template documents, structured actions plans and in house staff training. Based on our experience with IDPAA we continue to use Paula & Kevin to advise us on data security. We would highly recommend IDPAA, excellent service.”

Conan Doyle
Financial Controller, Weatherglaze Systems Ltd

IDPAA have become our preferred representation in relation to the GDPR and Data protection matters due to the skill and expertise of Paula and Kevin. They are approachable, knowledgeable and a pleasure to work with. Both of them are always happy to take the time to understand the specific needs of our business and ensure that their advice and guidance supports this.

Shay Waldron
Director of Credit & Data Protection, Magnet Networks Ltd



It’s Your Data, Take Control

Irish Data Protection Association & Academy
Paula Carney-Hoffler
Co Tipperary

    Join our mailing list