Data Protection - What are your obligations?

Added: Wednesday, February 03, 2016

A Data Controller is a person or organisation that controls and is responsible for storing personal information either on a computer or in hard form. If you are a data controller you must comply with the eight fundamental rules of data protection. The rules state that data controllers must;

i. Obtain and process data fairly

ii. Keep the data only for one or more specified, explicit and lawful purpose

iii. Use the data and disclose it only in ways compatible with these purposes

iv. Keep the data safe and secure

v. Keep the data accurate, complete and up-to-date

vi. Ensure that the data is adequate, relevant and not excessive

vii. Retain it for no longer than is necessary for the purpose(s) for which it was collected

viii. Give a copy of an individual’s personal data to him/her on request

A Data Processor is a person or organisation that processes personal data but does not exercise control or responsibility for the personal data.
A person or organisation could be both a data controller and a data processor. Data controllers are subject to compliance with data protection legislation. Data processors are not subject to compliance with data protection legislation in the same manner as data controllers. The primary responsibility of data processors is to only process the personal data on the authorisation and instruction of the data controller and to have in place specific safeguards for the security and protection of the personal data. Data controllers must ensure that they are carrying out their functions in compliance with Data Protection legislation as if they are found to be in breach of the legislation they risk being convicted of an offence. 

For furhter information on data protection and compliance please contact Thelma Kelly at John Nash Solicitors, Loughrea, County Galway at 091 841442 or at