Data Protection is the safeguarding of privacy rights of individuals in relation to the processing of personal data. If you or your organisation collects, stores or processes data on any individual you are a data controller. Every data controller has a responsibility in relation to the information that is processed.
On April 10th 2003, The President signed the Data Protection (Amendment) Act, 2003 which will become law on July 1st 2003. The Amended Data Protection Act has been extended to incorporate all manual records as well as electronic records. It is important to note however that the Act applies to all new manual records created from 1st July. It will only apply to existing manual records from 2007.
The Data Commissioner has outlined eight fundamental rules that apply to all data controllers. The role of the Commissioner is to ensure that all data controllers comply with the Data Protection Act. These rules can be summarised as follows:
Eight Rules of Data Protection:
1. Obtain and process information fairly
2. Keep it for one or more specified, explicit and lawful purposes
3. Use and disclose it only in ways compatible for these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it for no longer than is necessary for the purpose of purposes
8. Give a copy of his/her personal data to that individual on request.
These provisions are binding for every data controller. Any failure to observe them would be a breach of the Act. If you would like to find out more about the Data Protection (Amendment) Act, 2003 please visit the official Data Protection Commission website at www.dataprivacy.ie
