GDPR Compliance

GDPR compliance starts on the 25th May and we take this subject very seriously at CarePal.

Under the new GDPR regulation, CarePal is primarily considered the "processor" for your data and you are the "controller" of your data. 
Below briefly outlines our compliance with GDPR but if you require further information then please contact Alan Henvey, our Data Protection Officer at This email address is being protected from spambots. You need JavaScript enabled to view it.

As a SaaS provider, we must adhere to certain requirements as per the GDPR.

These include:
  • Provide sufficient guarantees to implement appropriate technical and organisational measures to ensure processing meets the requirement of the GDPR and process personal data in accordance with the controller’s instructions
  • Require prior written consent from the controller to subcontract their activities
  • Maintain a binding contractual agreement between the client and ourselves
  • Maintain a record of all categories of processing activities
  • Required to notify the controller of any breach without “undue delay” after becoming aware of it
  • Ensure data stored securely using appropriate measures.
How do we comply?
  • Ensure our clients have the right to provide us the data to be processed and stored
    All our clients are required to sign a statement of consent as part of the contract. This statement outlines the types of data to be stored and that our client has the required permissions to obtain the information.
  • Only process data in accordance with our clients instructions.
    Any maintenance or changes to our clients data is only completed upon receipt of written instructions. 
  • Put in practical measures to prevent loss, destruction of damage of data.
    CarePal follows security by design and as such the application has been developed from the start with security a primary focus. Further details on the security of CarePal are available upon request.
  • CarePal have implemented new processes in terms of security auditing, breach notification and monitoring
  • Assignment of a Data Protection Officer 
Subject Access Request (SAR)

CarePal cannot deal directly with any subject access requests. As such, any requests received from your staff will be sent to you for processing. 

Individual Rights

GDPR gives the individual more power over their data and as such have new rights. We, as you are, are obligated to adhere to these rights.

Data Security

We treat data security very seriously due to the nature of the data we hold on behalf of clients. Our software was designed with security in mind and as such follows all the best practices.

For further information on the security of CarePal, our GDPR Compliance or general queries on data protection, please send your request to our Data Protection Officer at This email address is being protected from spambots. You need JavaScript enabled to view it.

Call now for a personal demo - +353 1 9011382

This website uses cookies but we do not record any personal information
Don't show again