Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

PRIVACY STATEMENT

This Privacy Statement provides information about the ways in which the Data Protection Commission ('the Commission' or 'DPC') process the personal information provided to us.

Who we are?

The Data Protection Commission was established by the Data Protection Acts 1988 to 2018 ('the Data Protection Acts'). You can contact the Commission here

Under the GDPR and the Data Protection Acts, the Commission is responsible for monitoring the application of the GDPR in order to protect the rights and freedoms of individuals in relation to processing.

The tasks of the Commission include promoting public awareness and understanding of the risks, rules, safeguards and rights in relation to processing, handling complaints lodged by data subjects and cooperating with (which includes sharing information with) other data protection authorities in other EU Member States.

 

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation ('GDPR') applies from 25 May 2018 and significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations. The GDPR is designed to give individuals more control over their personal data. (A copy of the GDPR is available here).

The key principles under the GDPR are lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality, and accountability (Article 5 of the GDPR).

Under GDPR data subjects have increased rights. Guidance on these rights is available here.

The data subject rights are:

  1. The right to be informed (Articles 12 - 14 of the GDPR);
  2. The right to access information (Article 15 of the GDPR);
  3. The right to rectification (Articles 16 & 19 of the GDPR);
  4. The right to erasure (Articles 17 & 19 of the GDPR);
  5. The right to data portability (Article 20 of the GDPR);
  6. The right to object to processing of personal data (Article 21 of the GDPR);
  7. The right of restriction (Article 18 of the GDPR) and,
  8. Rights in relation to automated decision making, including profiling (Article 22 of the GDPR).

 

Where personal data is kept by the Commission for the performance of its functions, the rights of data subjects and the obligations of the Commission, as a data controller, provided for in Articles 12 to 22 and 34 (which relates to communicating personal data breaches to data subjects) and in Article 5, GDPR (in so far as any of its provisions correspond to the rights and obligations in Articles 12 to 22) are restricted (Section 60(3)(c)(i), Data Protection Acts).

This means, for example, that the Commission does not have to respond to access requests for personal data under the GDPR where the personal data is kept for the performance of the Commissions' functions (e.g. complaint handling).

If you require further information in relation to your rights and this restriction, you can contact our Data Protection Officer (DPO) here.

 

Changes to our Privacy Statement:

Update (20.09.2018). This Privacy Statement is  currently being reviewed.

Please note:
This Privacy Statement is not intended to be a comprehensive Privacy Statement/Notice as required by Articles 13 and 14 of the GDPR, given the restriction for personal data kept by the Commission for the performance of its functions.

 

USING OUR WEBSITE & COOKIE POLICY:

The Data Protection Commission has two websites – www.dataprotection.ie and a focused website for the GDPR www.gdprandyou.ie.

A new website for the Commission is under development and will be available soon. This new website will focus on the GDPR and the new data protection legislation.

This Cookie Policy relates to www.dataprotection.ie

 

What is a cookie?
A cookie is a small text file that may be stored on your computer or mobile device that contains data related to a website you visit. It may allow a website “remember� your actions or preferences over a period of time, or it may contain data related to the function or delivery of the site. Cookies can be set by the owner of the website or in some cases by third party services the website owner allows to present other information, run content or provide other functionality such as analytics.

Further information on cookies can be found at: http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

 

How are they used on this site?

www.dataprotection.ie uses cookies only for functionality that is strictly necessary for services that are explicitly requested by the user for their session as per Regulation 5(5), SI 336 of 2011 (the ePrivacy Regulations).  This website uses session cookies. Session cookies are used to deliver the basic functions of a website i.e. to allow pages to remember technical changes or selections you may make between pages. Session cookies are temporary cookies and are generally erased when you close your browser.

 

We use a session cookie to remember your language preference when viewing the site. This session cookie (called USERLANG) is erased when you close your browser or after 5 minutes of inactivity.

dataprotection.ie does not use any third party or persistent cookies.

Managing Cookies
Within your browser you can choose whether you wish to accept cookies or not. Different browsers make different controls available to you and so we provide links below to popular manufacturers' instructions on how you can do this. Generally, your browser will offer you the choice to accept, refuse or delete cookies at all times, or those from providers that website owners use ("third party cookies"), or those from specific websites.