Changes To Data Protection Law

Author:Ms Paula Kelleher
Profession:Dillon Eustace
 
FREE EXCERPT
  1. Introduction

    As of 1 October, 2007, subject to certain exemptions

    highlighted in this article, all persons that are established

    in Ireland (or using their own equipment in Ireland) and are

    either data controllers or data processors as

    such terms are defined in the Data Protection Act 1988 (the

    "1988 Act") as amended by the Data Protection

    (Amendment) Act, 2003 (the "2003 Act") (together, the

    1988 Act and the 2003 Act are referred to herein as the

    "Acts") are required to register with the Office of

    the Data Protection Commissioner (the "DPC").

    The Minister for Justice, Equality and Law Reform signed

    three Statutory Instruments on 26 September, 2007, which

    brought into operation Section 16 of 2003 Act, expanded the

    scope of manual data that is now subject to the Acts, and

    increased the fees payable by persons applying to be registered

    for the first time or renewing their registration. The

    principal result of these changes is that some firms that were

    subject to the registration requirements of the Acts are no

    longer required to register, others are required to register

    for the first time and some remain unaffected by the

    changes.

  2. Registration requirements prior to 1 October

    2007

    The registration regime under the Data Protection Act 1988

    stipulated that only certain specified categories of data

    controller were required to register with the DPC. Only data

    controllers who were prescribed in the Third Schedule to the

    1988 Act, or where they qualified as "financial

    institutions" or kept "sensitive data" as

    defined in the Acts, were required to register. "Financial

    institution" meant an entity that held a licence under the

    Central Bank Act, 1971, or a person referred to in Section 7(4)

    of such legislation (being ACC Bank plc, Bank of Scotland

    (Ireland) Ltd., the Post Office Savings Bank, a trustee savings

    bank certified under the Trustee Savings Banks Acts, 1863 to

    1965, a building society, an industrial and provident society,

    a friendly society, a credit union, an investment trust company

    or the manager under a unit trust scheme in respect of the

    carrying on of the business of the scheme). In addition, data

    processors whose business consisted wholly or partly in

    processing personal data on behalf of data controllers were

    required to register.

    The 2003 Act clarified that the legislation only applied to

    firms established in Ireland or firms using their own equipment

    in Ireland. The use of third party equipment alone did not

    require the firm to register in Ireland. The firm only needed

    to register as a data controller if it maintained its own

    equipment such as a server or...

To continue reading

REQUEST YOUR TRIAL