Galway is home to a thriving business community, and roofers in the Galway City area and beyond are no exception. But many don’t realise the extent of their GDPR obligations — particularly around handling customer insurance claim details and policy numbers without adequate security measures. This guide breaks down exactly what’s required under Irish and EU data protection law.
Join 2,000+ Irish businesses already protected
Absolutely. Under the GDPR and the Irish Data Protection Act 2018, all roofers in Galway that collect, store, or process personal data must be fully compliant. This covers everything from booking details and payment information to CCTV footage and staff records. The DPC can impose fines of up to €20 million for non-compliance, and Irish businesses of all sizes are subject to enforcement.
RISK ASSESSMENT
Handling customer insurance claim details and policy numbers without adequate security measures
Using drone photography for roof surveys that captures neighbouring properties and individuals
Storing emergency call-out customer details — collected under pressure — without following up with proper privacy notices
Sharing customer insurance and contact details with loss assessors or suppliers without the customer's knowledge
Retaining roof survey photographs and reports containing property details indefinitely
DATA INVENTORY
FREE ASSESSMENT
See exactly where your Roofer in Galway stands on GDPR compliance — no signup required.
REQUIRED DOCUMENTS
Every Roofer in Ireland needs these documents to demonstrate GDPR compliance.
STEP BY STEP
Provide a privacy notice to all customers before commencing work, including specific mention of any insurance data you will process and any drone surveys you will conduct.
Register with the Irish Aviation Authority (IAA) for drone use and comply with both aviation and GDPR rules when capturing aerial images of properties.
Store insurance claim details, policy numbers, and loss assessor correspondence in a secure, encrypted system with limited access.
Set clear retention periods for drone footage and roof survey photographs — delete them once the job and any warranty or claims period has ended.
Put data processing agreements in place with loss assessors, material suppliers, and any other third parties who receive customer data.
For emergency call-outs where data is collected quickly, follow up within a reasonable timeframe with a proper privacy notice and ensure the data is entered into your secure system.
COMMON PITFALLS
Using drones for roof surveys without considering that the footage may capture neighbours' properties and gardens, which is a GDPR issue as well as an IAA matter.
Storing customer insurance policy numbers and claim details in unsecured emails or paper files that any staff member can access.
Collecting customer data during an emergency storm call-out and never providing them with a privacy notice explaining how their data is used.
Keeping roof survey reports and photographs for years after the job is done without any data retention schedule.
FAQ
Everything you need to know about GDPR compliance for your business.
Contact usOTHER SERVICES
Every day your Roofer in Galway operates without proper GDPR compliance is a risk. The DPC is increasing enforcement across Ireland — get ahead of it today.
Join 2,000+ Irish businesses. No credit card required.