New Partnership deal to provide companies with a “One-Stop-Compliance-Shop”


A specialist Data Protection consultancy company and a local Human Resource (HR) management firm, have teamed up to provide a unique service offering to Companies and Organisations a “One-Stop-Compliance-Shop”.  Data Protection Training & Auditing Services and Hands-On HR will help companies be compliant with current legislation in the areas of:  Data Protection and the GDPR; Human Resources and Health & Safety.

“We are very excited with this partnership” said Eugene Grant, Principal Consultant of Hands-On HR.  “It’s clear that small to medium sized organisations are looking for an affordable compliance partner to ensure there are on the right side of any legislative or regulatory in terms of their client and staff data and legal obligations.  Through this partnership, we can now address their compliance needs with a value for money proposition”.

John Nealon managing Director of Data Protection training and Auditing Services stated that, “the benefits of using our “One-Stop-Shop” Regulatory Compliance Service includes access to a team of subject matter specialists, which ensures your company is up to date with Data Protection, HR and Health & Safety legislation.  This expertise ensures that business owners have peace of mind.

Our service will also deliver practical benefits to companies including gains in efficiency and quality; flexibility to scale; single point of contact; reduced burden on internal infrastructure and resources and effective cost reduction.”

At a recent function, the partnership was welcomed by Minister for Business, Enterprise, and Innovation, Heather Humphreys, TD.  The Minister wished the two companies every success into the future and detailed that “data protection and human resource compliance work hand in hand, and are hugely important for organisations.  I believe this partnership will deliver a quality service to their clients in the areas of Data Protection; HR and Health & Safety compliance.”

For further information contact John Nealon or Fionnualla McKenna on 042 9749515 or email

Schedule of Training: June 2019 to December 2019

Title of trainingDateDurationCertificates / CPDCost (First/additional attendees)Book Here
The business case and road map to implementing ISO 27001To Be confirmed4 hoursCertificate of attendanceTo Be confirmedRegister your interest here
Preparing a Request for Tender of an IT/Cyber security projectTo Be confirmed4 hoursCertificate of attendanceTo Be confirmedRegister your interest here
Direct Marketing and GDPR –
The Can Do's and Cannot Do's
20th January 20203.5 hoursCertificate of attendance€290/€190Register your interest here
Data Protection Training for
Front line staff
12th February 20203.5 hoursCPD hours: Institute of Bankers; ILCU and LIA
Certificate of attendance
€120/€90Register your interest here
Direct Marketing and GDPR - The Can Do's and Cannot Do's09th March 20203.5 hoursCertificate of attendance€290/€190Register your interest here
Data Protection Training for Front line staff22nd April 20203.5 hoursCPD hours: Institute of Bankers; ILCU and LIA
Certificate of attendance
€120/€90Register your interest here
  • Training takes place in our Castleblayney training centre unless otherwise stated.
  • Course start at 9.30am unless otherwise stated.
  • (10% Early Bird discount on all bookings made two weeks before training session)
  • To book your place, simply email or phone 042 9749515
  • Early booking is advised as places are strictly limited. Bookings are only secured with full payment. Full payment must be made prior to course commencing. Course run subject to demand.

If appropriate please pass on to Your Marketing Department


What our Customers are saying

“John is extremely knowledgeable and always willing to go that step further to ensure his information is accurate”

“As always, a good course organised and run by John, with good discussion points”

“Learned a lot and all questions answered well. My company has got excellent clarity on what we can/cannot do regarding direct marketing now. Thanks very much”

“GDPR in simplified terms”

“Very interesting course and I learned a lot”

TRAINING – Direct Marketing and GDPR – The Can Do’s and Cannot Do’s

John Nealon, Certified Data Protection Officer, will be holding another one of his very successful Training Courses on how the GDPR and e-Privacy Directive together impacts of various Direct Marketing initiatives.

The session is focused, practical in its content and covers topics such as: 

  • The key aspects of the GDPR and E-Privacy regulation impacting on Direct Marketing
  • Implications of using Consent and Legitimate basis for direct marketing
  • Current fines being imposed by DPC on Direct Marketing infringements
  • Business to business marketing
  • The “Can Do’s” and “Cannot Do’s” for:
    • Email Direct Marketing
    • Postal direct marketing
    • Telesales
    • Faxes and SMS (texts)

Date: Thursday 20th June 2019
Time: 10am to 1pm
Location: Castleblayney
Cost: €290 for first attendee, €190 per person thereafter.
(10% Early Bird discount on all bookings made by 12th June)

To book your place, simply email or phone 042 9749515.


If Appropriate please pass on to Your Marketing Department
Early booking is advised as places are strictly limited.  Bookings are only secured with full payment.  Full payment must be made prior to course commencing. Course run subject to demand.

10 Insightful Q and A’s – Dash Cams, Business and Data Protection

Whether it is used to mitigate personal security concerns or having a means to establish liability in the event of an accident, the use of Dashboard mounted CCTV – Dash Cams – in business vehicles has increased over the past number of years. This article details some of the considerations business managers need to consider if they have or are thinking of installing dash cams into their fleet.

Do the images of individuals recorded on our dash cams constitute personal data processing?
Yes. If your dash cam records people on the public road, licence plates or (in relation to inward facing systems) company employees this constitutes the processing of personal data.

I use dash cams in my company vans or lorries in case of an accident, what practical steps should I do to comply with the GDPR?

Personal data needs to be processed in a transparent manner. To ensure this the following actions should be undertaken by the company: a) Have clear signage both on and inside the vehicle, indicating that filming it taking place. b) A policy detailing the purposes of the recording. Note here, that if you only state that the purpose is for use in the event of an accident – it can only be used for this purpose! c) The policy should also contain contact details, the basis of processing and how long you retain the data. d) leave hard copies in your vehicle so that your driver can give a copy out in the event of a query, e) consider issues such as security and who can access the footage.

My dash cam usually rewrites over previous footage every week – can I hold the footage longer if there was an incident like an accident?

Yes. While your normal retention period might be a week, in the event of an accident or other incident, the recording may be kept longer

If the dash Cam records an individual, can that individual request a copy of the footage?

Yes. You should be able to provide a copy of the footage containing the data subject within 30 days. You should also avoid sharing other peoples data, ie other licence plates etc. It is your responsibility that necessary redaction is completed on the footage before it is released.

Can An Garda Siochana view a Dash Cam recording?

Yes, An Garda Siochana can view any footage upon request. However, a copy of the footage should only be released following receipt of a written request as per Section 41 of the Data Protection Act 2018.

Can I pass a Dash Cam recording to an insurance company?

Yes, but you must be satisfied that the insurance company will restrict its use of the data to only what is necessary, keep it secure and hold it only for as long as required. You should request a company’s policy with regarding to submitting recording prior to sending the material.

My insurance company offers discounts if I install dash cams, are there any Data Protection implications?

According to the data Protection Commissioner “If you enter into an arrangement with your insurer that requires you to own or operate a Dash cam to avail of a discount, your insurer may be acting as a joint controller”. As a minimum, you should ask the insurance company for a copy of their policies in relation to personal data that you record and ensure that the policy sets out each other respective responsibilities.

What are the key employee data protection implications for inward facing dashcams?

Many companies now have inward facing dash cams within company vehicles. There are a number of concerns in relation to this a) What is the purpose of the recording; b) have these purposes of processing been put in a written policy document; c) have employees clearly been informed of the existence of the dash cams and the purposes of processing; d) is such processing dealt with by way of Employee contract

What is the situation regarding video and Audio inward facing dashcams within taxis etc?

Audio and Video recording dashcams are usually deployed in buses and taxis for security and other reasons. In addition to the previous answer, such recordings may also capture images of passengers etc. In this situation, passenger need to be informed in a clear and transparent manner.

But, I only have a dash cam for my own personal use, is there any data protection implications?

If your dash cam is inward facing and is in your own car, the domestic use exemptions may apply. However, as a general rule of thumb if your dash cam is outward facing and you are recording the street outside, this is NOT domestic use.

You, should ensure that private Dash Cams are NEVER used within company vehicles.

Internet Safety for your Children

Parents have you bought a connected toy or device for your child?

The Data Protection Commissioner is continuing to highlight the dangers of buying internet connected devices for children.  Seeing that Santa may have brought some of these devices to the good boys and girls, it is a good idea for parents to look at some of the advice that the Data Protection Commissioner (DPC) has issued.

Some toys are highly interactive and can recognise words and respond accordingly.  They may also connect to apps on smartphones or tablets.  This connection through smart phones or other internet enabled devices “might allow for the collection and recording of ‘conversations’ between the doll and the child, or even act as a walkie-talkie.

The GDPR empowers parents/guardians to have more control of their children’s personal data processing.  The manufacturer of these toys may rely on consent to legally undertake the collection and processing of the child’s Personal data.  If the child is under 16, the Parents or Guardians consent is therefore needed.

So, these are key Take home points for parents/guardians should undertake:

  • Ensure that they are asked for authorisation
  • Understand who the data controller is, why the personal data is being collected and how it is secured.
  • Be able to exercise their right to withdraw their consent, to find out or access the personal data that is retained, and/or how to have it deleted.
  • To take extra care when selecting a toy that has a camera or voice-recording ability, connects to the internet, allows remote connection using a smartphone or tablet app, or has a location tracking facility.

If you would like any additional information or advice, contact our Data Protection team on 042 9743040