Torc Consulting Group
 Data Protection Policy
In Ireland Data Protection law applies to the processing of personal data of living individuals. In addition every Torc employee, associate and contractor has obligations to ensure confidentiality of personal and business data under their contract of employment or engagement on a specific assignment.
This policy is focused on informing Torc, its employees, associates, contractors and agents of their responsibilities under data protection to obtain, process and disclose personal data in accordance with the Data Protection legislation requirements.
Torc Data Protection obligations
As a data controller Torc has obligations under the Data Protection Acts of 1988 and 2003 and General Data Protection Regulation 2018 to ensure that personal data is managed in accordance with the eight principles of data protection. At a high level, Torc must ensure that personal data is:
  1. obtained and processed fairly
  2. kept only for specified, explicit and legitimate purposes
  3. not used in a manner incompatible with purpose for which it was provided
  4. protected against unauthorised access, alteration, disclosure or destruction or unlawful processing
  5. accurate, complete and, where necessary, kept up to date
  6. adequate, relevant and not excessive in relation to the purpose for which the data was collected
  7. not kept for longer than is necessary
  8. disclosed to the data subject on request and corrected or destroyed where they so request.

The Acts also provide that a “duty of care” is owed to data subjects, which means that those controlling or processing the data should take care that their activities do not cause damage or distress to the people concerned by, for example, maintaining inaccurate information on our files, or disclosing personal data to someone who is not entitled to this data.

To ensure that all staff and others who process personal data on behalf of Torc are doing so in accordance with these principles at all times, we have developed this Data Protection Policy together with a Data Protection Code of Practice for general application.
Paddy Collins is Torc’s Data Protection Officer (Full details of the role and responsibilities of the Data Protection Officer are in the Appendix.)
What is personal data?
Personal data is any data that identifies a living individual. If an individual can be identified directly from the data or indirectly, by using that data in conjunction with other information that is in Torc’s possession then that constitutes personal data.
This means if we have a piece of data on one system such as a mobile number that can be input to another system and matched to other data – name, address, date of birth etc., then that mobile number constitutes personal data.
Who does Torc hold personal data about?
Torc holds personal data for a narrow range of individuals such as current and former clients, prospective clients, candidates, course participants and employees.
How can we use personal data?
Torc can use personal data to complete the purpose for which the data was obtained.
Rights of data subjects (i.e. clients, candidates, course participants and employees, third parties etc ) to access to personal data
Data subjects include any person about whom the Torc processes personal data.
All data subjects have the right to access the information held about them, ensure that it is correct and fairly held, and to complain to the Data Protection Commissioner if they are dissatisfied.
All data subjects have the right to ask for their personal data to be deleted and not to be processed any longer.
All requests to access or delete personal data will be handled in accordance with the procedures as detailed in the Data Protection Code of Practice and in the General Data Protection Regulation.
It is very important to note the following: 
  • You may not access any personal data records or databases for your own purposes, or for your friends or family. This is a serious offence.
  • If you plan to use personal data for a new business purpose, you must first obtain formal permission from the Data Protection Officer.
  • If a third party requests any personal data, you must always validate the identity and authority of the third party to ensure that he or she is entitled to the information and you must ensure that any disclosure is permissible under this policy.
Managing Contractors/Suppliers and other agents
If Torc is providing any personal data to a third party we must have consent to do so. In addition, we can only provide this data where there is a contract established which includes adequate provisions for data protection. Torc must include comprehensive provisions for data protection which state and limit the purposes for which data is provided, limit access only to essential contract staff/associates and ensure data copies are recovered/destroyed when services have been provided or the contract comes to an end.
We must also take appropriate operational measures to ensure the contractor/associate has appropriate organisational and technical measures to safeguard any personal data provided.
Should you have any questions regarding this policy and Torc data protection obligations please contact:
Paddy Collins, Data Protection Officer
Torc Consulting Group
Torc’s Data Protection Officer
The responsibilities of the Data Protection Officer are:
  • to implement Data Protection training and awareness for staff ;
  • to advise Directors on any relevant Data Protection issues;
  • to supervise the application of the Data Protection Acts;
  • to review and update the Data Protection Code of Practice / Data Protection Policy as necessary;
  • to undertake any necessary coordinated consultation and be the primary contact for all consultation with any other body regarding any new development in Data Protection e.g. any new EU Regulation on Data Protection;
  • to be the primary contact for all Data Protection matters with Data Protection Commissioner, including reporting to Data Protection Commissioner on Data Protection breaches;
  • to ensure requests for personal data submitted to Torc are processed in a timely manner by the appropriate person;
  • to receive complaints and respond if anyone in Torc is not happy with how the Data Protection Code of Practice is being applied;
  • to receive complaints and respond if any data subject believes that their request for personal data has not been processed appropriately;
  • following a formal evaluation of the request, which approves it as valid, to ensure requests from other organisations for access to personal data in Torc’s possession are processed in a timely manner by the appropriate person.

Dental Assistant – we’re hiring now!

We are currently looking for a Dental Surgery Assistant to join a successful team in a well-trusted Orthodontics Practice in Limerick city.   Dental Surgery Assistant part time position, potentially leading to a full-time role comprehensive training will be provided...

Sales Manager – we’re hiring now!

On behalf of our client, a well-established organisation, which is part of a worldwide business consultancy network, we are looking for a talented and ambitious SALES MANAGER Main responsibility Selling products and solutions into Irish Market Perfect fit excellent...

Good news for Retirees!

  Tilda - Research Results Great news for Retirees! Recent research from TILDA (The Irish Longitudinal Study on Ageing) tells us that older people in Ireland report high levels of wellbeing – with most feeling younger than their actual age and maintaining a sense of...

Career and Retirement Programmes – Now Online!

Torc in New 'Virtual' Reality In response to the global pandemic situation and in the interest of our clients' safety all Torc Career and Retirement Planning Programmes have been adapted to the new reality and are currently available online. New Forms of Delivery Torc...

Latest News & Views

Torc Consulting Group
13 Herbert Place
Dublin 2
D02 YD32
Tel: +353 1 662 3020

Case Studies

A member of the Institute of Management Consultants and Advisers

Call Now Button