1. Introduction As of 1 October, 2007, subject to certain exemptions highlighted in this article, all persons that are established in Ireland (or using their own equipment in Ireland) and are either data controllers or data processors as such terms are defined in the Data Protection Act 1988 (the "1988 Act") as amended by the Data Protection (Amendment) Act, 2003 (the "2003 Act") (together, the 1988 Act and the 2003 Act are referred to herein as the "Acts") are required to register with the Office of the Data Protection Commissioner (the "DPC"). The Minister for Justice, Equality and Law Reform signed three Statutory Instruments on 26 September, 2007, which brought into operation Section 16 of 2003 Act, expanded the scope of manual data that is now subject to the Acts, and increased the fees payable by persons applying to be registered for the first time or renewing their registration. The principal result of these changes is that some firms that were subject to the registration requirements of the Acts are no longer required to register, others are required to register for the first time and some remain unaffected by the changes. 2. Registration requirements prior to 1 October 2007 The registration regime under the Data Protection Act 1988 stipulated that only certain specified categories of data controller were required to register with the DPC. Only data controllers who were prescribed in the Third Schedule to the 1988 Act, or where they qualified as "financial institutions" or kept "sensitive data" as defined in the Acts, were required to register. "Financial institution" meant an entity that held a licence under the Central Bank Act, 1971, or a person referred to in Section 7(4) of such legislation (being ACC Bank plc, Bank of Scotland (Ireland) Ltd., the Post Office Savings Bank, a trustee savings bank certified under the Trustee Savings Banks Acts, 1863 to 1965, a building society, an industrial and provident society, a friendly society, a credit union, an investment trust company or the manager under a unit trust scheme in respect of the carrying on of the business of the scheme). In addition, data processors whose business consisted wholly or partly in processing personal data on behalf of data controllers were required to register. The 2003 Act clarified that the legislation only applied to firms established in...
Changes To Data Protection Law
|Author:||Ms Paula Kelleher|
To continue readingREQUEST YOUR TRIAL