Data Protection Act 1988 and Data Protection
(Amendment) Act 2003
Next Slide
Purpose
 These acts aim to protect the privacy rights of individuals
with regard to personal data held about them.
 Data Protection Act 1988 only covered data held
electronically, but the 2003 amendment broadens the scope
to include both electronically and manually.
 Data kept for the purpose of preventing, detecting or
investigating offences or apprehending or prosecuting
offenders is exempt from the conditions of the act. Hence
under these acts one cannot see what files the Garda
Síochána have on you.
Previous Slide
Next Slide
Data controller
The person, who is
responsible for the
storage of data in the
business in question.
Other workers may
have access to the
data, but the
controller must give
his approval.
Previous Slide
Next Slide
Personal data
Data relating to an individual from which
he can be identified.
Joe Bloggs got
400 points in his
Leaving Cert.
Previous Slide
Next Slide
Data subject
An individual about whom the personal
data is kept.
Previous Slide
Next Slide
Data Processor
A person, who processes personal data on
behalf of a data controller in another
business, but does not include an
employee of a data controller, who
processes such data in the course of his
employment for his own firm.
Previous Slide
Next Slide
Rights of the Data Subject
 Right to be informed
 Right to establish the existence of personal data
 Right of access to your files
 Right to have Incorrect Information removed or
corrected
 Right to compensation
 Automated decisions
 Direct mailing lists
Previous Slide
Next Slide
Obligations of a Data Controller
Information must be obtained and
processed fairly, accurately and lawfully.
Data only to be used for the purpose(s)
for which it has been collected.
Data must be up to date and only keep
for as long as it is relevant.
All data must be kept securely.
Previous Slide
Next Slide
Obligations of a Data Controller (Continued)
If a data controller receives data from
another data controller he is obliged
to inform the data subject involved
about the data he now holds and the
name of the original data controller.
If the firm is of a certain category, the
data controller must register it with
the Data Protection Commissioner.
Previous Slide
Next Slide
Registration
The following types of companies must register
with the Data Protection Commissioner:
 Public sector bodies
 Financial institutions
 Insurance companies
 Direct marketing businesses
 Internet access providers
 Telecommunications providers
 Firms that offers credit references or collect
debts
 Firms that keeps data regarding racial or ethnic
origin, political opinions, religious or other
beliefs, membership of a trade union, physical or
mental health, sexual life or criminal convictions.
Previous Slide
Next Slide
Role Data Protection Commissioner
 Deals with complaints in relation to this act.
 Oversees the enforcement of the Data Protection
Acts.
 Oversees the register of Data Controllers.
 Outlines codes of practice for dealing with data.
Previous Slide
Next Slide
Data Protection Act 1988 and Data
Protection (Amendment) Act 2003
The end
Previous Slide