Support Centre

Ireland

Summary

Law: Data Protection Act 2018 (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: Data Protection Commission (DPC)

Summary: Ireland implemented the GDPR in 2018 through the Data Protection Act 2018 (the Act) which came into effect on May 25, 2018. The Act serves to repeal the Data Protection Act, 1988, and the Data Protection (Amendment) Act, 2003, except for provisions relating to the processing of personal data for the purposes of national security, defense, and international relations of the State. The Act sets out derogations including certain variations on when data subject rights can be exercised and the processing of special categories of data. The Data Protection Commission (DPC) has been particularly active in issuing guidance on various topics, including cookies, Data Protection Impact Assessments, and data breach notifications. The DPC has initiated several high-profile statutory inquiries, however, it only issued its first monetary penalties in May 2020 following a series of breach notifications from a state agency.

Insights

Article 37 of the General Data Protection Regulation (GDPR) obliges data controllers and processors to designate a data protection officer (DPO). As part of this obligation, data controllers and processors are also required to publish the contact details of the DPO and to communicate the DPO's contact details to relevant supervisory authorities. In part one of this Insight series, OneTrust DataGuidance focuses on the requirement to communicate DPO contact details to the relevant supervisory authorities, providing an overview of the rules and guidelines for DPO contact registration across Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the UK.

At the beginning of this year, the World Economic Forum Annual Meeting at Davos applauded the growth in artificial intelligence (AI), particularly generative AI. Against the backdrop of the world's biggest challenges, reports from Davos suggested that world leaders and business executives were cautiously optimistic for 2023. Reports have persisted throughout this year, with commentary lauding support for AI tech, while others point to a potential "dot.ai" bubble brewing. Time will unveil the answer. In the meantime, decisions regarding fintech and digital transformation point to an overarching mindset - investing in AI, with care.

In this Insight article, Rory O'Keeffe, Partner at Matheson LLP, will take you on a short journey through AI and Fintech, discussing their advantages and risks, focusing in particular on what the future holds for Ireland in this area.

On 20 March 2023, the Department of Enterprise, Trade and Employment published the General Scheme of the Digital Services Bill 2023 (the Bill). The Bill seeks to implement into domestic law aspects of Regulation (EU) 2022/2065 of October 19, 2022, on a Single Market for Digital Services and Amending Directive 2000/31/EC (Digital Services Act) (DSA). In this Insight article, Kate Colleary and Louise McCormack, from Pembroke Privacy Limited, provide an overview of the Bill, including its purposes and scope, and analyze its interplay with the DSA.

The Data Protection Commission ('DPC') published, on 17 December 2021, its final version of its guidance on the fundamentals for a child-oriented approach to data processing ('the Fundamentals')1. The Fundamentals introduce child-specific data protection interpretative principles and recommended measures to enhance the level of protection afforded to children against the data processing risks posed to them by their use of or access to services in both an online and offline world. Moreover, the Fundamentals also aim to assist organisations that process children's data by clarifying the principles in terms of the high-level obligations under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), to which the DPC expects such organisations to adhere. This Insight provides an overview of the Fundamentals.

The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2018 ('the Act') are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission ('DPC'). In part two of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, discusses the general requirements regarding the collecting, processing, and retaining of employee data, as well as the requirements regarding employee health data.

The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2018 ('the Act') are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission ('DPC'). In part one of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, provides some background to the DPC and its relevant guidance, as well as the requirements regarding data protection at the recruitment level.