Data Protection Commission
  
Protecting your personal privacy in the information age
About Us
Privacy Statement
For Individuals
For Organisations
Registration
Publications & Forms
FAQ
Guidance
Law
Enforcement
European Functions
Conferences
Training & Awareness
Links
Case Studies
News
  • Archives
  • Press Releases
A - Z
Teens
Home
Gaeilge
Know Your Rights
 
Text Only
Print

CONTENTS - FREQUENTLY ASKED QUESTIONS

Note: The attached frequently asked questions and answers have been formulated to be of assistance to both data subjects and data controllers. They are not comprehensive and are not binding on the Office of the Data Protection Commissioner in terms of how the Data Protection Acts will be interpreted as a case by case approach, depending on the specifics of each case, is adopted by this Office to complaints and other matters under consideration or investigation.

1. General
1.1 What is personal data?
1.2 What powers does the Data Protection Commissioner have?

(a) Investigations by the Data Protection Commissioner
(b) The Commissioner’s power to obtain information
(c) The Commissioner’s power to enforce compliance with the Acts
(d) The Commissioner’s power to prohibit overseas transfer of personal data
(e) The powers of "authorised officers" to enter and examine premises
(f) Appeals to the court against the Commissioner’s powers or decisions
(g) Prosecution of offences under the Data Protection Acts and S.I.535 of 2003

1.3 What is the difference between Freedom of Information and Data Protection?
1.4 What is meant by sensitive personal data?
1.5 What is excessive information?
1.6 Do data protection requirements apply to material placed on social networking sites?
1.7 What are my rights in relation to my exam results with my name being placed on a notice board, booklet or used at a conferral ceremony?
1.8 What is the difference between the Full Electoral Register and the Edited Electoral Register?
1.9 My travel agent has requested a large amount of personal information from me as part of the process of booking my holiday. Am I obliged to handover the information?
1.10 Can Management Companies disclose to all members details of those property owners / members that have not paid service charges?
1.11 A debt recovery organisation has contacted me for payment of import tax associated with an overseas purchase I made some time ago. How did they get my details?
1.12 I have supplied my CV and other personal information in response to a job advertisement which I now suspect was a bogus advertisement, is there anything I can do to minimise the risk of fraudulent activity?
1.13 I have a concern about images available through Google Streetview, what should I do?
1.14 I have received a toll notice from eflow, how did they obtain my details?
1.15 I want to circulate an email to a number of recipients, what are the data protection considerations?
1.16 Can a lender request a prospective borrower to carry out an ICB credit check for submission to the lender as part of the loan application process?
1.17 My personal information has been passed to a debt collection agency?

2. Direct marketing communications

2.1 What is direct marketing?
2.2 What is an unsolicited communication?
2.3 Are there ways of stopping unsolicited marketing contacts?
2.4 I am receiving nuisance/threatening phone calls
2.5 What is the NDD (National Directory Database) Opt Out register, and how can I get my telephone number recorded on this register? 
2.6  Does the NDD apply to mobile phones?   
2.7  How do I know what preference has been recorded?  
2.8 If my line provider fails to record my preference to be placed on the opt-out register of the NDD, what can I do?
2.9 Will I still receive marketing calls from people I do business with?
2.10 How do I remove a deceased person from a direct marketing database?
2.11 To whom do I complain?
2.12 Can I ask my customers to provide the electronic contact details of friends as part of a 'refer a friend' scheme so that I can market them about my products and services?
2.13 Can I ask my customers to inform their friends via my website as part of a 'tell a friend' scheme about my products and services?

3. Right of access / right of rectification
3.1 How can I see what information a body or company holds about me?
3.2 How did the Office of the Data Protection Commissioner come up with an access fee of €6.35?
3.3 Are there any exceptions to the right of access?
3.4 What if an organisation refuses to respond to my access request?
3.5 Can anyone else make an access request on my behalf?
3.6 What are my rights in relation to accessing account information held in my husband/wife's name?
3.7 What can I do if I find that personal data held about me is incorrect?
3.8 How can I get my credit rating / credit history?
3.9 What information is held about me on the insurance register?
3.10 What rights have I to access the script of an exam I undertook?
3.11 Can I access my medical records under the Data Protection Acts?
3.12 What are my rights in relation to correcting incorrect information including on a medical file?
3.13 Can I access personal data in relation to a deceased relative?
3.14 How can I amend personal data in relation to a deceased person?
3.15 What are the data protection issues associated with accessing historical information including school rolls / log books?
3.16 Should back-up data be considered as part of an access request?

4. Data protection in the workplace

4.1 Can my employer access my email or internet usage? / Can I access my employees’ email or internet usage?
4.2 What type of background checks can I carry out on potential employees?
4.3 How can I seek Garda vetting of a potential employee?
4.4 What is the position of the Office of the Data Protection Commissioner in relation to enforced subject access requests (i.e. where an employer forces his potential employee to make an access request to An Garda Síochána so that the employer can access the records of any criminal convictions)?
4.5 Can I ask my employees questions for statistical purposes?
4.6 What are the data protection requirements for organisations recording telephone calls?
4.7 Can the Office of the Data Protection Commissioner provide presentations or training for my employees?
4.8 Can my employer ask me to bring in my passport (to take a copy for HR records)?
4.9 Can my employer demand that my sick certificates set out the nature of my illness?
4.10 Can my employer use GPS / Vehicle Tracking Systems?
4.11 Can my employer post my photograph on the internet / staff intranet without my consent?

5. Biometrics

5.1 Can I introduce biometrics in my workplace? Can I introduce biometrics in my school / college?

6. Use of CCTV

6.1 What issues surround the use of CCTV?
6.2 What if I am asked by a law enforcement authority for access to the recordings?
6.3 What if I am asked for a copy of an image of a person who has been recorded?
6.4 Can my school introduce a new CCTV system?

7. Responsibilities of data controllers

7.1 Is my business covered by the Irish Data Protection Acts?
7.2 How long should personal data be held to meet the obligations imposed by the Acts?
7.3 How long can an insurance quote be held for?
7.4 I am compiling a new directory of contacts, what are the data protection considerations?
7.5 How do I make a privacy policy?
7.6 What security measures should I have in place to protect personal data from unauthorised access?
7.7 What do I do if there is a security breach?
7.8 Can I carry out market research with my own customers?
7.9 I want to transfer personal data out of Ireland. What do I need to do?
7.10 Does the Office of the Data Protection Commissioner have any material with advice on what should be contained in a contract between a data controller and a data processor?
7.11 Under what circumstances can I disclose personal data without the consent of the data subject?
7.12 What is the position in relation to personal data already in the public domain?
7.13 What is the position in relation to a sales representative with a list of clients, can she or he bring it with him when she/he leaves?
7.14 A Company is being taken over by another company. Does the new organisation need consent before medical files are transferred?

8. Registration

8.1 Registration with the Data Protection Commissioner

9. How do I make a complaint?

9.1 Making a complaint in relation to offences under S.I.535 of 2003, as amended by SI 526 of 2008
9.2 Submitting a complaint
9.3 Complaint outcome

10. Use of PPSN

10.1 In what circumstances can I seek a PPS number?  
10.2 Can a financial institution ask for my PPSN when I am opening a new account?   
10.3 Can my Landlord request my PPSN?
10.4 When applying for a new job, can a prospective employer seek the PPSN of candidates as part of the application process?
10.5 My PPSN is being sought in connection with a Non Principal Private Residence Property Tax return?






» Permanent Link

Office of the Data Protection Commissioner. Canal House, Station Road, Portarlington, Co. Laois, Ireland.
LoCall 1890 25 22 31 - Phone 00353 57 868 4800 - Fax 00353 57 868 4757 - email info@dataprotection.ie