


The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.


Approach to EU GDPR

  • GDPR compliance requires board-level support. It’s therefore essential that the board understands the implications of the Regulation – both positive and negative – so that they can allocate the resources needed to achieve and maintain compliance.

Free Download Center

Cybersecurity starts with proper awareness. Briskinfosec BINT LAB cybersecurity researchers continuously put in extraordinary effort to help you understand cybersecurity better and faster. Just download the ThreatSploit Adversary report.


What the CISO needs to do

  • Advise the board about data protection risks and the benefits of GDPR compliance.

  • Obtain management support for your GDPR compliance project.

  • Assign accountability for GDPR compliance to a director.

How GDPR Works

  • Scope and plan your GDPR compliance project
  • Conduct a data inventory and data flow audit
  • Undertake a comprehensive risk assessment
  • Conduct a detailed gap analysis
  • Develop operational policies, procedures and processes for PII & SPII Information
  • Secure personal data through procedural and technical measures
  • Improve privacy-related internal procedures
  • Appoint a Data Protection Officer
  • Ensure teams are trained and competent
  • Monitor and audit compliance
  • Implement and Achieve GDPR compliance
  • Continual Improvement, Monitoring and Tracking


Any Penalties for Non-Compliance?

Article 79 is one of the GDPR provisions getting the most attention recently, as it introduces penalties and fines into data protection regulations. Specifically, the GDPR introduces:

  • Increased SA Authority: SAs, or Supervisory Authorities, are independent organizations that investigate complaints about businesses and their compliance with GDPR rules. Under GDPR, these organizations have more authority than they did under the 1995 Directive, holding both investigative and corrective powers. SAs may perform audits to ensure compliance, issue warnings for non-compliance, set deadlines for compliance correction measures, and decide on the penalties and fines to be issued to specific companies for certain infractions. SAs can even order data to be erased and block organizations from transferring data between countries.
  • Non-Compliance Fines: The GDPR allows SAs to issue larger fines than under the Data Protection Directive. In the former Data Protection Directive, penalties and fines were largely determined by the states and tended to be very low compared to industry standards. In the new GDPR rules, however, fines are set by the SA based on the circumstances surrounding the case. The SA may choose whether to impose fines, as well as the precise amount of the fine. Generally speaking, companies that fail to comply with significant regulations may face fines up to four percent of the company’s total worldwide annual turnover. While four percent may seem like a small amount, it can total in the millions and billions for larger corporations. Alternatively, smaller companies with lower annual turnover may face fines up to 20 million Euros.

GDPR compared to the Data Protection Directive

The GDPR includes the following changes compared to the Data Protection Directive:

  • Standardization: The Data Protection Directive’s biggest weakness was the fact that it was a directive, meaning that it could only set minimum legal standards for EU states. This meant that EU states had to create their own data protection laws, which resulted in a wide variety of data protection laws across Europe with little standardization. GDPR is designed to solve this problem: as a regulation, GDPR imposes a uniform law on all EU member states without needing state legislation to pass. The result of this consistent rule is standardization across the EU, making the regulatory environment simpler for international businesses.
  • Control: One of the primary goals of the GDPR is to give control of personal data back to citizens and residents of the EU. This is reflected by requirements that subjects give consent before data is processed, that collected data is anonymized and safely handled when transferred, and that breaches are handled with the utmost urgency and care. The regulation also applies strict rules to the export of personal data to entities outside of the EU and requires certain types of companies to appoint data protection officers for overseeing GDPR compliance within their organizations.

These GDPR requirements are already in full swing in European organizations, including the UK, so companies the regulation applies to must ensure that they’re compliant with the new requirements. Any businesses that fail to comply with GDPR laws will be prone to penalties and fines.

Highest Success Rate

As per the EU Commission:

  • Awareness of Data Protection Authorities
    • 57% of Europeans know that there is a public authority in their country responsible for protecting their rights about personal data
    • 20% know which public authority is responsible
  • Awareness of GDPR
    • 67% of Europeans have heard of the GDPR

Get in Touch

For more information on how our Briskinfosec penetration testing services can help safeguard your organisation, call us now on +91 860 863 4123 or request a call back using the form below.

How do we differ?

Briskinfosec provides a unique way to implement EU GDPR for its valued customers

Maintaining compliance with the new GDPR laws will take a great deal of work and development, especially if your company doesn’t already have extensive security and monitoring systems in place. Between the monitoring requirements and the staffing and contact needs involved in maintaining GDPR compliance, your company needs a system that will help balance it all. Briskinfosec can help with a GDPR compliant Cloud SOC.

Briskinfosec offers comprehensive cloud-based managed security for GDPR. This cost-effective solution for MSPs is designed to provide around-the-clock managed security for GDPR for small to mid-size businesses.

The Briskinfosec security and compliance platform offers:

  • Advanced architecture designed to help businesses minimize their risks and manage their compliance with regulatory entities like GDPR while still maintaining business continuity
  • Multi-tenancy support helps your company store customer data and accounts, protecting the integrity of their personal information
  • The GDPR compliant network monitoring system provides real-time attack visualization, which helps identify attacks and breaches as they happen, using rules-based, vulnerability, statistical and historical correlations to alert you immediately and identify crucial attack information for reporting
  • Vulnerability correlation software integrates all the data from your detection systems, identifying and eliminating false positives so that your team is free to focus on actual threats
  • Sophisticated reporting tools to help put together reports for GDPR audits, as well as other regulatory entities like ISO, PCI, HIPAA and SOX

With the tools provided by this GDPR compliant SOC, your business and your data protection officer are better able to prevent and mitigate breaches and maintain compliance with the new GDPR standards.

To whom GDPR Applies

As an EU regulation, GDPR is designed to protect the personal data of data subjects residing in the EU. Specifically, Article 3 of the GDPR states that it applies to the processing of personal data of citizens and residents of the EU, even if the processor isn’t established in the EU. Practically, this Article of the GDPR means that these Regulations apply to any company marketing goods or services to EU residents and citizens. These include:

  • EU States: Government entities that handle the personal data of citizens and residents of the EU are as much subject to GDPR rules as any company.
  • EU Companies: EU companies, since they are both located within the EU and handle transactional and personal data of EU citizens and residents, are expected to comply with GDPR.
  • Global Companies: Any company that markets goods and services to EU states and completes transactions with EU citizens and residents is also expected to maintain GDPR compliance, regardless of where the corporation is located. Even if they have no staff or equipment located in the EU, if their marketing efforts extend to the EU or they use personal data to track the behavior of EU citizens, they are subject to GDPR rules.




What is data protection legislat>

What is GDPR?

GDPR stands for General Data Protection Regulation. It is European Union legislation and has been in place since 25 May 2018.

GDPR matters as it sets out the ways in which the privacy rights of every European Union citizen must be protected and the ways in which a person’s personal data (information) can and cannot be used. The Adoption Authority must follow the GDPR requirements around the personal information that we can and cannot share.

What is personal information?

Personal information is any information that can be used to identify a living person. Examples of personal information are:

  • A name
  • Date of birth
  • Address
  • Phone number
  • Email address
  • Personal Public Service (PPS) number
  • Photos
  • Internet Protocol address

These are all protected by law.

Is it always better to make a formal subject access request (also called data protection request) for information?

Not necessarily. Data protection requests are part of a very rigid process and must follow a particular format. This means the information you can get from a formal subject access request (SAR or data protection request) can be quite limited in what you are entitled to receive by law. You may be disappointed or surprised because you might not get information you already have through another source. Sometimes a simple informal request can help you more.

Can I have information about someone other than me personally, for example, a family member who is now deceased?

Unfortunately, the answer to this is no. The laws governing the Data Protection Act refer to a “Living Individual” only, so information about a deceased person is not covered.

GDPR will only make your personal data available to you. This means information about a person other than you:

  • Is not available to you under GDPR, and
  • Will not be given to you under GDPR.

Why do I have to give the Adoption Authority proof of identity when making a request for personal information?

By law, you have to give us proof of your identity to protect people’s personal information. We cannot provide information to any individual until they provide proof that they are who they say they are. If we did not ask for proof of your identity, then any member of the public could pretend to be you and could be given your personal information.

What proof of identity do you need to get for the Authority?

We accept most photographic and legal documents as proof of identity. Before we can give you the personal information we might have, we need a copy of one of the following of your personal items:

  • Current Irish driving licence
  • National Age Card
  • Passport
  • Public Service Card

Important: The copy of the identification you use should be verified (stamped). This means that before you send us a copy of your identification, you need to get the copy stamped by:

  • your local Garda or police station (free), or
  • a solicitor or commissioner for oaths if preferred. (There may be a fee in these instances.)

When we get this verified copy of your identity, we can start to work on your specific request for data. We can’t start working on a request without having formally confirmed your identity.

I don’t have any of the above identification

Do not worry if you do not have any of the items above. You can call to your local Garda station with a recent photograph and they will help you complete a form called ML10. We can accept this form as proof of identity when you send it to us.

I am looking for my original birth certificate. It is a public document, why can’t I have it?

A birth certificate contains the personal data of people other than you. If provided to you, it would identify another person or people without their prior consent.

I got copies of some documents, but they are heavily redacted (blacked out in parts). Why is that?

Sometimes we have to redact parts of documents. Redact means to black them out. We do this as these blackened parts are private or cannot be legally shared due to reasons like confidentiality concerns. If a document refers to someone other than you, we must legally protect any information which would identify them.

Similarly, if another person asked us for documents that mentioned you we would black out (redact) the references to you to protect your personal information.

What or who are “third parties”?

‘Third parties’ is a term that you might hear when we reply to your request for information. It is important that you know what it means. ‘Third party’ is a term used to refer to individuals other than you personally. We work hard to get you the documents you are legally entitled to. Sometimes, we are not legally allowed to release documents that contain ‘third party information’ to you.

For example, on an adoption file there can often be the marriage certificate of the adoptive parents, or references from doctors, employers or Gardaí on behalf of the adoptive parents. These documents do not have your personal information. They have third-party information, so we cannot share them with you. Third party information is protected by law and we would be breaking the law if we shared such information with you.

How long does it take before I get my personal data?

By law, once we have stamped (verified) ID for you, we have 30 days to get the information to you. But, if your information is complex, we may extend the timeline for a further two months. We will write to you if this longer time period applies to you so you will know to expect it.

Can I get personal information under the Freedom of Information Act from the Adoption Authority?

For adoption-related personal information: Unfortunately, you cannot get personal information under the Freedom of Information (FOI) Act from the Authority if it relates to the making of an adoption order.

[The Adoption Authority is referred to in the Freedom of Information Act. The Act lists the Authority as a “Partially Included Agency” and this means that adoption-related files are exempt – not covered – as part of FOI requests.]

For other information: People can get other information we may hold about them on other types of records under FOI. For example, a person who attended an interview for a job with us may request under FOI feedback on their performance.

If I discover something is incorrect in my data which I received from the Adoption Authority, do I have the right to get it corrected?

Yes, in some situations you can correct information about you that is incorrect. [We can do this; it is called “a right to rectification” under GDPR.] We can advise you as to how to do this if you tell us what has been recorded incorrectly.

Correcting some information (like factual information) may mean that documents have to be amended by the organization who gave us the information in the first instance. This may take some time as there are legal procedures to follow. However, we can correct simple mistakes such as misspellings or a typing error.

How to get us to correct incorrect information

To get the correction made, please write to us with the correction you want. The correction might be to:

  • Update an address
  • Update a telephone number
  • Correct the spelling of your name

What happens when we can’t correct information?

Sometimes we are not able to make corrections. For example, if the spelling mistake or the date of birth is on an official document which we hold, we may not be able to make the correction for you. If this is the case, we will tell you this and tell you how you can get the official document corrected if necessary.

Can I have my information erased?

It depends. While there is a right under GDPR called “the right to be forgotten”, it is not an absolute right as there are some records which cannot be erased because they must be kept by law (that is under The Adoption Act 2010). For example, the record of an adoption order is a legal record and must be kept for that reason.

The Adoption Authority has to keep much of the data we have about you as it is part of a legal process. We will review the data we hold when we receive a request to erase information. We will do this to see if any of the data we hold about you may be erased. One of our staff will write to you after this to tell you this has been done or why other data cannot be erased.
