Data Protection Act 2018
Enactment Date | 24 May 2018 |
Act Number | 7 |
Number 7 of 2018 |
DATA PROTECTION ACT 2018 |
CONTENTS |
PART 1 |
Preliminary and General |
1. Short title, citation and commencement |
2. Interpretation |
3. Designation by appropriate authority |
4. Obligation not to require data subject to exercise right of access under Data Protection Regulation and Directive in certain circumstances |
5. Expenses |
6. Regulations |
7. Repeals and revocations |
8. Application of Data Protection Act 1988 |
PART 2 |
Data Protection Commission |
9. Establishment day |
10. Establishment of Data Protection Commission |
11. Supervisory authority for Data Protection Regulation and Directive |
12. Functions of Commission |
13. Performance of functions of Commission by Commissioner or member of staff |
14. Transfer of functions of Data Protection Commissioner to Commission |
15. Membership of Commission |
16. Appointment of chairperson of Commission |
17. Resignation, removal, disqualification of Commissioner, ineligibility to become Commissioner |
18. Acting Commissioner |
19. Accountability of Commissioner to Oireachtas Committees |
20. Assignment and transfer of staff to Commission |
21. Staff of Commission |
22. Superannuation of Commissioners |
23. Accounts of Commission |
24. Annual report |
25. Accountability for accounts of Commission |
26. Prohibition on disclosure of confidential information |
27. Civil proceedings for contravention of section 26 |
PART 3 |
Data Protection Regulation |
Chapter 1 |
General |
28. Fees |
29. Child for purposes of application of Data Protection Regulation |
30. Micro-targeting and profiling of children |
31. Consent of child in relation to information society services |
32. Codes of conduct: children |
33. Right to be forgotten: children |
34. Designation of data protection officer |
35. Accreditation of certification bodies by Irish National Accreditation Board |
36. Suitable and specific measures for processing |
37. Limitation on transfers of personal data outside the European Union |
38. Processing for a task carried out in the public interest or in the exercise of official authority |
39. Communication with data subjects by political parties, candidates for and holders of certain elective political offices |
40. Processing of personal data and special categories of personal data by elected representatives |
41. Processing for purpose other than purpose for which data collected |
42. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes |
43. Data processing and freedom of expression and information |
44. Data processing and public access to official documents |
Chapter 2 |
Processing of special categories of personal data and processing of personal data relating to criminal convictions and offences |
45. Processing of special categories of personal data |
46. Processing of special categories of personal data for purposes of employment and social welfare law |
47. Processing of special categories of personal data for purpose of legal advice and legal proceedings |
48. Processing of personal data revealing political opinions for electoral activities and functions of Referendum Commission |
49. Processing of special categories of personal data for purposes of administration of justice and performance of functions |
50. Processing of special categories of personal data for insurance and pension purposes |
51. Processing of special categories of personal data and Article 10 data for reasons of substantial public interest |
52. Processing of special categories of personal data for purposes of Article 9(2)(h) |
53. Processing of special categories of personal data for purposes of public interest in the area of public health |
54. Processing of special categories of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes |
55. Processing of personal data relating to criminal convictions and offences |
Chapter 3 |
Rights, and restrictions of rights, of data subject and restrictions on obligations of controllers |
56. Right of access to results and scripts of examination and results of appeal |
57. Rights in relation to automated decision making |
58. Direct marketing for purposes of Article 21 |
59. Restriction on right of data subject to object to processing for election purposes and processing by Referendum Commission |
60. Restrictions on obligations of controllers and rights of data subjects for important objectives of general public interest |
61. Restriction on exercise of data subjects’ rights: archiving purposes in the public interest, scientific or historical research purposes or statistical purposes |
PART 4 |
Provisions Consequent on Repeal of Certain Provisions of Data Protection Act 1988 |
62. Transfer of property of Data Protection Commissioner to Commission |
63. Transfer of rights and liabilities of Data Protection Commissioner to Commission |
64. Liability for loss occurring before establishment day |
65. Provisions consequent upon transfer of functions, assets, rights and liabilities to Commission |
66. Final accounts and final annual report of Data Protection Commissioner |
67. Saver for scheme relating to superannuation |
68. Saver for regulations under Act of 1988 |
PART 5 |
Processing of Personal Data for Law Enforcement Purposes |
Chapter 1 |
Preliminary and general (Part 5) |
69. Interpretation (Part 5) |
70. Application of Part 5 |
Chapter 2 |
General principles of data protection |
71. Processing of personal data |
72. Security measures for personal data |
73. Processing of special categories of personal data (Part 5) |
74. Data quality |
Chapter 3 |
Obligations of controllers and processors |
75. General obligations of controller with regard to technical and organisational measures |
76. Data protection by design and by default |
77. Security of automated processing |
78. Technical and organisational measures |
79. Joint controllers |
80. Processors |
81. Record of data processing activities |
82. Data logging for automated processing system |
83. Cooperation with Commission |
84. Data protection impact assessment and prior consultation with Commission |
85. Notification of personal data breach by processor |
86. Notification of personal data breach to Commission, etc. |
87. Communication of personal data breach to data subject |
88. Data protection officer |
Chapter 4 |
Rights, and restriction of rights, of data subject (Part 5) |
89. Rights in relation to automated decision making (Part 5) |
90. Right to information |
91. Right of access |
92. Right to rectification or erasure and restriction of processing |
93. Communication with data subject |
94. Restrictions on exercise of data subject rights (Part 5) |
95. Indirect exercise of rights and verification by Commission |
Chapter 5 |
Transfers of personal data to third countries or international organisations |
96. Transfer to third country or international organisation |
97. Adequacy decision |
98. Transfer subject to appropriate safeguards |
99. Derogations for specific situations |
100. Transfer to recipient in third country |
Chapter 6 |
Independent supervisory authority |
101. Functions of Commission under Part 5 |
102. Power of the Commission to advise and issue opinions |
103. Mutual assistance |
104. Requests by Commission for mutual assistance |
PART 6 |
Enforcement of Data Protection Regulation and Directive |
Chapter 1 |
Preliminary |
105. Interpretation (Part 6) |
106. Service of documents (Part 6) |
Chapter 2 |
Enforcement of Data Protection Regulation |
107. Interpretation (Chapter 2) |
108. Complaints under Chapter 2: General |
109. Commission to handle complaint under Chapter 2 |
110. Commission may conduct inquiry into suspected infringement of relevant enactment |
111. Decision of Commission where inquiry under Chapter 2 conducted of own volition |
112. Decision of Commission where inquiry conducted in respect of complaint to which Article 55 or 56(5) applies |
113. Complaint to which Article 60 applies |
114. Commission to adopt decision in certain circumstances |
115. Exercise by Commission of corrective power |
116. Notification of decision of Commission under Chapter 2 |
117. Judicial remedy for infringement of relevant enactment |
Chapter 3 |
Enforcement of Directive |
118. Interpretation (Chapter 3) |
119. Data subject may lodge complaint with Commission |
120. Representation of data subjects |
121. Complaints under Chapter 3: General |
122. Commission to handle complaint under Chapter 3 |
123. Commission may conduct inquiry into suspected infringements of relevant provision |
124. Decision of Commission in respect of inquiry under Chapter 3 conducted of own volition |
125. Decision of Commission where inquiry conducted in respect of complaint under Chapter 3 |
126. Notification of decision of Commission under Chapter 3 |
127. Corrective powers of Commission (Chapter 3) |
128. Judicial remedy for infringement of relevant provision |
Chapter 4 |
Inspection, Audit and Enforcement |
129. Authorised officers |
130. Powers of authorised officers |
131. Search warrants |
132. Information notice |
133. Enforcement notice |
134. Circumstances in which application may be made to the High Court for suspension or restriction of processing of data |
135. Power to require report |
136. Data Protection Audit |
Chapter 5 |
Investigations |
137. Investigations |
138. Conduct of investigation under section 137 |
139. Investigation report |
140. Commission to consider investigation report |
Chapter 6 |
Administrative Fines |
141. Power of Commission to decide to impose administrative fine: General |
142. Appeal against administrative fine |
143. Circuit Court to confirm decision to impose administrative fine |
Chapter 7 |
Offences |
144. Unauthorised... |