Data Protection Act

The Data Protection Acts 1988 and 2003 confer rights on individual as well as placing responsibilities on those persons processing personal data.  The Data Protection Acts are means by which the privacy rights of individuals are safeguarded.  Personal data means data relating to a living individual, who is or can be identified either from the data or in conjunction with other information.

Data controllers such as companies, sole traders, doctors etc., are those who either alone or with others control the contents and use of personal data.

The eight rules of Data Protection are;

1. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purpose.
3. Use and disclose it only in ways compatible with these purposes.
4. Keep it safe and secure
5. Keep it accurate, complete and up to date
6. Ensure that it is adequate, relevant and not excessive
7. Retain if for no longer that is necessary for the purpose
8. Give a copy of his/her  personal data to an individual on request

A data controller found guilty of an offence under the Acts can be fined amounts up to €100,000 on conviction or indictment and/or may be ordered to delete all or part of the database.

Rule 4: Keep it safe and secure

Appropriate security measures must be taken against unauthorised access to alteration, disclosure or destruction of the data.  All waste paper, printouts, etc should be disposed of carefully.

Rule 7: Retain if for no longer than is necessary for the purpose or purposes.

This requirement places a responsibility on data controllers to be clear about the length of time for which data will be kept and the reason why the data is being retained.  It is a key requirement of Data Protection legislation as personal data collected for one purpose cannot be retained once the initial purpose has ceased.
You should assign specific responsibility to someone for ensuring that files are regularly purged.

This synopsis is for guidance purpose only. Datagroup would recommend the full reading of these Acts to ensure compliance. Further information can be obtained from www.dataprotection.ie

Datagroup, Strandfield Business Park, Kerlogue,
Rosslare Road, County Wexford
Tel: 053 9146685 Email: info@datagroup.ie

A WCDA.  Innovation Wexford/ Recycling 2000 Initiative
© Innovation Wexford | All Rights Reserved