In February, Irish government ministers Charlie Flanagan and Pat Breen, announced publication of the Data Protection Bill 2018. This is an amendment to the Data Protection Act 1988 and focuses on the processing of personal data and the sharing and storing of that information. As both business owners and website managers you really need to know your responsibilities and obligations under this new amendment. For those of you who may have missed it, here’s an overview of the Data Protection Bill and what it means for your business.
New data protection rules you need to know
Business owners, both offline and internet based, need to understand their legal obligations to consumers under the new European data protection rules. Your website needs to reflect the coming changes so make sure your web designer is informed. The Data Protection Commissioner outlines 8 key areas that data controllers need to be clear about in terms of legal responsibility. This is vital info for all business owners because ‘any failure to observe them would be a breach of the act.’ The rules are:
1. Obtain and process information fairly
2. Keep it for only one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given to you initially
4. Keep it safe and secure
5. Keep it accurate and up to date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it no longer than is necessary for the specified purpose or purposes
8. Give a copy of his/her personal data to any individual on request
You can explore each of these rules in depth by visiting the Data Protection website. In addition to the new rules, the Commissioner also states that certain data controllers are required to register with the Data Protection Commissioner. Are you responsible for managing or storing data in your company? Then go to the website now to find out if you need to register. You can also do a self-assessment on the site to ‘test how well or how poorly your business meets its data protection responsibilities.’ Don’t ignore this; doing so could result in fines against your business for breach of the bill. For more info on this visit Offences and Penalties.
The European Commission defines personal data as follows:
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.
The EC lists the following info as personal data
• name and surname
• home address
• email address
• an identification card number
• location data (for example the location data function on a mobile phone)
• an Internet Protocol (IP) address
• a cookie ID
• the advertising identifier of your phone
• data held by a hospital or doctor; it could be a symbol that uniquely identifies a person
Data protection, storage and technology
Data security and data privacy are still major concerns for many of us. The EC regulations now state that the law ‘protects personal data regardless of the technology used for processing that data – it’s technology neutral and applies to both automated and manual processing, provided the data is organised in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system, through video surveillance, or on paper; in all cases, personal data is subject to the protection requirements set out in the GDPR.’
Source: European Commission
The purpose of the Data Protection Bill 2018
According to Merrian Street, the Irish Government News Source, the purpose of the bill is to modernise Ireland’s data protection laws and create a consistent data protection regime across the European Union. Together with enforcement of the EU General Data Protection Regulation (GDPR) on 25 May 2018, the Bill will offer a safer playing field for users and consumers. It will do this by strengthening the user’s control over their own personal data and more importantly, how that data may be used. The Bill will also detail ‘the responsibilities and obligations on those that collect, use and store personal data.’
Ministers Charlie Flanagan and Pat Breen
Data Protection Bill; more useful links
Download the Data Protection Bill 2018 pdf version
To learn more about Data Protection Bill visit Irish Government News Service
Contact Digitaledge
We’re a web design and digital marketing agency based in Galway. If you have any data privacy or data security concerns you’d like to address, email us or call 091 704830.
