Data Protection (Leaving Cert Business): Revision Notes
Data Protection
The General Data Protection Regulation (GDPR) is a regulation in EU law that governs data protection and privacy for individuals, providing guidelines on how personal data should be collected, processed, and stored.
Data Controller: An individual or organisation that determines the purposes and means of processing personal data, ensuring compliance with data protection laws.
Personal Data: Information relating to an identifiable individual, such as name, address, email, phone number, or any data that can be used to identify a person directly or indirectly.
Role of Data Controllers
Under GDPR, Data Controllers are responsible for the following:
- Use for Purpose: Ensure personal data is collected and used only for specific, legitimate purposes.
- Provide Copy in 30 Days: Supply individuals with a copy of their personal data upon request within 30 days.
- Obtain Fairly: Acquire personal data in a lawful and transparent manner, with the individual's consent or a valid legal basis.
- Keep Data Secure: Implement measures to protect personal data against unauthorised access, loss, or damage.
- Delete When Finished: Remove personal data once it is no longer necessary for the intended purpose.
Rights of Data Subjects under GDPR
Under GDPR, a data subject is anyone who has their personal data held by a business or other organisation. They have the following rights:
- Obtain Information on Processing: Individuals have the right to know how their personal data is being used and processed.
- Copy in 30 Days: Individuals can request a copy of their personal data, which must be provided within 30 days.
- Have Data Corrected or Erased: Individuals can request corrections to inaccurate data or request the deletion of their data.
- Data Portability: Individuals have the right to transfer their personal data to another service or organisation in a structured, commonly used format.
Data Protection Commission
The Data Protection Commission (DPC) is the national authority responsible for upholding data protection rights and ensuring compliance with data protection laws in Ireland. Its responsibilities include:
- Regulatory Oversight: The DPC monitors and enforces compliance with data protection legislation, ensuring that organisations adhere to legal standards when processing personal data.
- Guidance and Advice: The DPC provides guidance and support to individuals and organisations on data protection rights and responsibilities, helping them understand and implement best practices.
- Investigations and Audits: The DPC conducts investigations into data breaches and audits organisations to assess their compliance with data protection laws.
- Handling Complaints: The DPC addresses complaints from individuals regarding the mishandling of their personal data and works to resolve disputes between data subjects and organisations.
- Public Awareness: The DPC promotes awareness and understanding of data protection issues among the public, empowering individuals to exercise their rights.
Implications of GDPR for Business
GDPR has had the following impacts on companies, which must comply with the legislation:
- Higher Data Protection Standards: Businesses must adhere to strict standards in collecting and processing personal data, ensuring high levels of data protection.
- More Transparency Regarding Processing of Data: Businesses are required to be transparent about how they use and safeguard personal data, providing clear and simple communication to individuals.
- Fines for Data Breaches: Non-compliance with GDPR can result in fines of up to €20 million or 4% of global turnover for data breaches.
- Compensation for Data Subjects: Individuals may seek compensation from businesses for damages resulting from GDPR violations.