Data Protection Act 2018 (Section 60(6)) (Central Bank of Ireland) Regulations 2019.

• Statutory Instrument No.: 537/2019
• Published date: 05 November 2019

Notice of the making of this Statutory Instrument was published in

“Iris Oifigiúil” of 5th November, 2019.

I, PASCHAL DONOHOE, Minister for Finance, in exercise of the powers conferred on me by section 60(6) of the Data Protection Act 2018 (No. 7 of 2018), and having duly complied with subsections (9)(b) and (10) of section 60 of that Act, hereby make the following regulations with respect to which, pursuant to section 6 of that Act, a draft has been laid before each House of the Oireachtas and a resolution approving the draft has been passed by each such House:

Citation and commencement

1. (1) These Regulations may be cited as the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019.

(2) These Regulations come into operation on 30 October 2019.

Definitions

2. In these Regulations—

“Act of 2018” means the Data Protection Act 2018 (No. 7 of 2018);

“Act of 1942” means the Central Bank Act 1942 (No. 22 of 1942);

“Article 10 data” has the same meaning as it has in section 55 of the Act of 2018;

“Bank” means Central Bank of Ireland;

“deposit guarantee scheme” has the same meaning as it has in the European Union (Deposit Guarantee Schemes) Regulations 2015 ( S.I. No. 516 of 2015 );

“enactment” has the same meaning as it has in the Interpretation Act 2005 (No. 23 of 2005);

“financial service provider” has the same meaning as it has in the Act of 1942;

“financial services legislation” has the same meaning as it has in the Central Bank (Supervision and Enforcement) Act 2013 (No. 26 of 2013);

“regulated financial service provider” has the same meaning as it has in the Act of 1942;

“relevant function” shall be construed in accordance with Regulation 3;

“relevant objective” shall be construed in accordance with Regulation 4.

Relevant function - meaning

3. In these Regulations, “relevant function” means a function of the Bank under—

(a) financial services legislation,

(b) the Treaty on the Functioning of the European Union, or

(c) the Statute of the European System of Central Banks and of the European Central Bank,

which relates directly or indirectly to one or more of the following:

(i) monetary policy;

(ii) contributing to the stability of the financial system;

(iii) protecting the best interests of consumers of financial services;

(iv) regulating financial service providers;

(v) regulating financial markets;

(vi) supervising compliance with financial services legislation;

(vii) enforcing compliance with financial services legislation;

(viii) collecting information for analysis or statistical purposes;

(ix) resolution of regulated financial service providers;

(x) operating a deposit guarantee scheme or other compensation or customer protection scheme;

(xi) operating the Central Credit Register.

Relevant objective – meaning

4. In these Regulations, “relevant objective” means an objective—

(a) referred to in paragraph (b), (c), (d), (e), (f), (g), (i), (j), (k), (l) or (m) of section 60(7) of the Act of 2018, and

(b) pursued by the Bank in exercising a relevant function.

Scope: categories of personal data

5. These Regulations apply to personal data (including special categories of personal data and Article 10 data), in respect of which the Bank is the controller, processed by the Bank.

Scope: purpose of processing

6. These Regulations apply to the processing by the Bank of personal data to which these Regulations apply in the pursuit of a relevant objective.

Restriction

7. (1) The rights and obligations provided for in Articles 12 to 22 and Article 34, and Article 5 (in so far as any of its provisions correspond to the rights and obligations in Articles 12 to 22), of the Data Protection Regulation, in respect of processing to which these Regulations apply, are restricted to the extent that such a restriction is—

(a) necessary to safeguard a relevant objective, and

(b) proportionate to the need to safeguard that relevant objective,

including, but not limited to, where the exercise of the right or compliance with the obligation, as the case may be—

(i) may interfere with—

(I) the prevention, detection or investigation of breaches...