Justice Minister Charlie Flanagan jointly presented the draft Data Protection Bill 2018 with Minister of State for data protection Paul Breen. The bill is intended to repeal Data Protection Acts 1988 and 2003 when it passes through Parliament. The exception to this repeal is any personal data which is kept for national security and international relations reasons.
Introducing the General Data Protection Regulation (GDPR)
The new Data Protection Bill is intended to introduce the stipulations of GDPR into Irish law. Although GDPR becomes law across Europe on 25 May 2018, individual states do have the freedom to make some additions of their own.
In Ireland some of the content of the previous Data Protection Acts is being retained. This content includes the provision that enforced access requests, the disclosing of personal data without authorisation and the disclosing of personal data that was not correctly maintained, will remain as offences.
This is in addition to the stipulations of GDPR itself. The Bill also provides for non-profit organisations to lodge a complaint with the Data Protection Commission on behalf of a data subject. In this case there will never be an award of material compensation, but an injunction may be put in place or a declaration may be made.
Dealing with the Changes
Staffing levels will continue to increase in the Data Protection Commission, to help deal with the new rules and the increased levels of Supervisory Authority that comes with them. It is interesting to note that there will also be additional funding of 4 million Euros for the commission, in 2018.
The new Irish Data Protection Bill is now set to be discussed in Parliament, with the intention that it will be put in place by the time that GDPR becomes law, in May 2018.