On the 11th April, the Data Protection Commissioner Helen Dixon released her Annual Report. This is her third annual report since taking up office in September 2014.
The Data Protection Commissioner is the national independent authority responsible for upholding the right to have personal data protected. This is a fundamental EU right of individuals, who can make complaints directly to the DPC where their data is not being properly protected.
Enforcement
The Report highlighted an increase in such complaints, with 1,479 individual complaints investigated in 2016.The most common complaint (56%) was in relation to data access requests. 2,224 valid data-security breaches were recorded, a small decrease from 2015.
The DPC highlighted continuing low compliance with individuals’ access rights to their personal data and has run a campaign emphasise organisations’ obligations in this regard.
She also noted concerns in the following areas:
- Organisations failing to ensure that individuals are adequately informed of how their data is being processed;
- Monitoring of employees with CCTV, without adequately explaining the rules around such monitoring to employees, particularly in relation to the use of CCTV in disciplinary processes;
- Disclosure of individuals’ data to third parties, including spouses or family members.
The DPC also noted that the Tánaiste and Minister for Justice and Equality have indicated that the law on powers of investigation into electronic communications is to be reviewed. The DPC notes that she “would welcome an early output of this process”.
New legal frameworks for Data Protection
The DPC noted the enactment of the General Data Protection Regulation (GDPR) in May 2016, which she says “promises a significantly greater ability for each of us to more effectively control and understand the uses of our personal data”.
In summer 2016, ‘Privacy Shield’ was agreed between the US and the EU Commission as a replacement for the stricken Safe Harbour agreement. This forms a legal basis for the transfer of personal data from the EU to the US by qualifying companies.
The DPC Office
It was a year of change for the Office of the Data Protection Commissioner, which moved to new offices in Fitzwilliam Square, Dublin 2, and expanded to almost 70 staff after “a year of strong targeted recruitment”. The Office of the DPC also launched a fast-growing Twitter presence through which to issue guidance to industry on new concepts in Data Protection.
At Hughes Murphy Solicitors we are uniquely placed to offer
expert advice on all aspects of Data Protection.
To learn more, free-phone on 1800 910 912 or submit
our Contact Form to receive a call back.