The law governing Data Protection in Ireland is governed by the Data Protection Acts of 1998 and 2003. Furthermore, by Statutory Instrument 336 of 2011 and European Directive EC Directive 95/46.
The question of how to obtain data, keep data, retain data and process data is based on the eight data protection principals set out in the above legislation. The eight data protection principals provide a flexible framework of which any data controller or data processor can obtain, use, or process the data, and does provide strict parameters when trying to establish whether you are operating within the rules. You should always appeal to the eight following principals:
- Obtain and process information fairly.
- Keep the data only for one or more specified, explicit, and lawful purposes.
- Use that data and disclose it only in ways that are in line with the above purposes.
- Keep the data safe and secure.
- Keep the data accurate, complete and up-to-date.
- Ensure that the data is adequate, relevant, and not excessive to the use of which you are retaining it for.
- Retain the data for no longer than is necessary for the specific purpose or purposes of which you obtained it in the first instance.
- Give a copy of the personal data to the individual should he/she requests it.
For further information, please contact Data Protection Solicitors Carter Anhold in Sligo and Dublin.