Key Takeaways From The Data Protection Commissioner's 2017 Annual Report

Author:Mr Bryan McCarthy and Sarah Slevin
Profession:Ronan Daly Jermyn
 
FREE EXCERPT

Introduction

It may be the last such report produced before the Office of the Data Protection Commissioner ("ODPC") evolves into the Data Protection Commission, but Helen Dixon's fourth Annual Report on the activities of the office during 2017 (the "Report") is certainly of no less significance. In fact, the Report gives us a useful insight into the ever-increasing public awareness of the importance of data protection and, consequently, provides a not-so-subtle hint as to the expanded and central role that the Data Protection Commission will play in European data protection in a post-GDPR society.

Generating media headlines in the immediate aftermath of the Report's publication were the figures on the increase in complaints to the ODPC last year, which rose by almost 80% on the previous year. However, these figures, whilst revealing, are not the only interesting element of the Report; much more of its contents should be examined in order to draw conclusions on the current status of data protection in Ireland.

Queries and Complaints to the ODPC

Firstly, however, to those complaints. The Report states that there were 2,642 complaints lodged with the ODPC last year, up from 1,479 in 2016. As has been the case in previous years, complaints about denied access to records made up the majority of these referrals, 1,372 (52%) in total.

Type of Complaint

Number of Complaints

Access rights

1,372

Disclosure

351

Unfair processing of data

312

Direct electronic marketing

215

Use of CCTV footage

77

Failure to secure data

46

Internet search-result delisting

44

Accuracy

43

Excessive data

43

Retention

41

Right of rectification

39

Specified purpose

18

Unauthorised access

14

Postal direct marketing

6

Biometrics

4

Miscellaneous

17

Total

2,642

The Report also describes a commendable level of matter completion within the ODPC, with 2,594 of those 2,642 complaints reaching a conclusion. Also to be noted, however, are the reasons why complaints were not resolved in favour of the complainant: such unsuccessful complaints often, according to the Report, derived from issues emanating from the effects of the financial crash (transfer of loan books, receiverships, etc.) This demonstrated that the data subject's grievance in these matters often related to the underlying action itself rather than data protection issues.

Data Breaches

A record number of data breaches were also notified to the ODPC, with 2,973 reported by organisations and members of the public. This represents a 26% increase on the previous year...

To continue reading

REQUEST YOUR TRIAL