Law: Data Protection Act, 2013 (No. 10 of 2013) (the Act)

Regulator: The Information Commissioner

Summary: On October 28, 2013, the Data Protection Act, 2013 (No. 10 of 2013) (the Act) was assented to by the Governor-General. The Act creates obligations for public and private bodies by establishing certain principles regarding the use of information, which include the principles of notice and choice, disclosure, security, integrity, and access. It also provides various rights to data subjects, such as the right of access, the right to rectification of personal data, and the right to not have their sensitive personal data processed unless certain conditions apply. Further, the Act appoints the Information Commissioner, established under the Freedom of Information Act, 2004 as the authority relevant for carrying out and enforcing the protection of data pursuant to its provisions.