Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation.

Published byMagnus Turner Modified over 9 years ago

Similar presentations

Presentation on theme: "INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation."— Presentation transcript:

1 INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation

2 AGENDA Context The Legislation Definitions The Data Life Cycle The Data Subject Rights The Data Protection Commissioner Enforcement

3 WHY COMPLY WITH THE ACTS? ‘It’s the law of the land!’ Protection of Brand Avoid risk to Reputation Protection of trust – Employees – Suppliers – Customers Enables good decision-making Makes good business sense

4 CONTEXT Social Technological Historical Commercial

5 DATA PROTECTION AND ‘THE BRAND’

6 IRISH DATA PROTECTION LEGISLATION Data Protection Act (1988) – Only for automated processing – Only for certain data management activities Data Protection (Amendment) Act (2003) – Applies to manual as well as electronic data Electronic Communications Regulations (2011) – Specifically for online/electronic marketing

7 DEFINED TERMS Automated data Manual data Relevant Filing System Personal data Sensitive Personal data Processing

8 CHARACTERS IN THE ACTS Data Subject Data Controller Data Processor

9 THE DATA PROTECTION RULES The DP Characters 1. Acquire Fairly 2. Specified Purpose 3. Compatible Processing 4. Keep Safe 5. Keep Accurate 6. Adequate Processing 7. Retain / Destroy 8. Allow Access

10 RULE 1 – FAIRLY OBTAINING DATA Setting Data Subject Expectations The Fair Processing Notice – Verbal – Electronic – Graphic Lawful processing conditions – Section 2(a) – ‘Ordinary Data’ – Section 2(b) – ‘ Sensitive Personal Data’ On-going fair processing

11 CONSENT / EXPLICIT CONSENT Should be… – Unambiguous – Freely given – Informed – An active indication

12 CONSENT FOR DIRECT MARKETING Default ‘opt out’ Active ‘opt in’ Indication of interest Prior purchase of product or service A reasonable expectation of interest Prior consent for calls to mobiles Identification and provision of contact details Message must include option to opt out Must use contact data at least once in a twelve-month period

13 LAWFUL USE OF DATA Rule 2 – Specific purpose or purposes – Consider minimum data requirements Rule 3 – Compatible processing – Only process in line with specified purpose(s) Rule 6 – Adequate, relevant, but not excessive use – Only process the minimum necessary to satisfy purpose

14 RULE 4 – KEEPING DATA SAFE Proportionality Acceptable use of available technology Applies equally to automated and manual data Importance of staff awareness Due diligence towards third parties – Contract must be in place! – Negotiation of contract clauses

15 RULE 5 – DATA ACCURACY “Data are inaccurate if they are incorrect or misleading as to any matter of fact” Data Controller obligation Frequency of checks Data quality criteria – Completeness – Consistency – Correct representation of reality – Fitness for Use

16 RULE 7 – DATA RETENTION AND DESTRUCTION Retention schedule – No specific guidelines within the legislation – UK National Archive guidelines – HIQA Recommendations Destruction policy – Constructive, verifiable method Rule applies equally to automated and manual data

17 RULE 8 – RIGHT OF ACCESS TO DATA Entitles the Data Subject to a copy of their own data Formal request process – Request in writing – Adequate identification – Payment of fee Controller’s Obligation to respond Opportunity to decline the request Exemptions

18 ROLE OF THE DP COMMISSIONER Helen Dixon – Irish DP Commissioner Role enshrined in the legislation Responsible for dissemination of legislation Interpretation of legislation in various circumstances Enforcement of lawful processing Investigation on request Prosecution in the event of a breach

19 DATA PROTECTION OFFICER (PROPOSED) The Controller or Processor processing more than 5000 records must designate a Data Protection Officer ('DPO') Governance of organisation’s data management Drafting, deployment and compliant with data policies Influencing system and functional changes Being the ‘go to’ person for DP issues Currently an optional role within organisations May soon be mandatory in certain circumstances

20 ENFORCEMENT OF LEGISLATION ‘Triable either way’ legislation Summary Prosecution – capped at €3,000 / €5,000 Indictment prosecution – capped at €100,000 / €250,000 Formal notices Information Enforcement Prohibition Mandatory breach notification Reputational damage of a breach Cost of recovery of market share, good will, trust

21 SO WHY COMPLY WITH THE ACTS? ‘It’s the law of the land!’ Protection of Brand Avoid risk to Reputation Protection of trust – Employees – Suppliers – Customers Enables good decision-making Makes good business sense

22 SYTORUS LTD. – WHO WE ARE Data Protection Consultancy Training Introductory DPO Certification Tailored to sector Data Management Assessments Interim Data Protection Officer Liaison with Office of the DP Commissioner Visit www.sytorus.com

Download ppt "INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation."

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Information & Compliance UL University of Limerick & UL employees obliged to comply with certain legislation, including: Freedom of Information.

Information & Compliance UL University of Limerick & UL employees obliged to comply with certain legislation, including: Freedom of Information.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
Customer Service & Customer Protection in MANSELL

Customer Service & Customer Protection in MANSELL
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Information Law Report.

National Smartcard Project Work Package 8 – Information Law Report.
Data Protection Act 1998. Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.

Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Email Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.

Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Similar presentations

Ads by Google