Data Protection Commissioner Launches 2016 Annual Report


12-04-2017

On Tuesday 11 April 2017, the Data Protection Commissioner (“DPC”), Helen Dixon, launched “The 2016 Annual Report of the Data Protection Commissioner of Ireland.”

Highlights

Some highlights of the 2016 report, her third annual report since taking the position of DPC, are:

  • A significant increase in the number of complaints, rising to 1,438 in 2016 from 1,015 in 2015;
  • Increased queries being dealt with by the DPC. The DPC dealt with 15,335 email queries, 16,744 calls to the helpdesk and 1,150 postal queries;
  • The performance of more than 50 audits and inspections of various entities, including state agencies;
  • 9 successful prosecutions for electronic marketing offences and 2 successful prosecutions against private investigators for breaches of access rights;
  • The commencement of the High Court case involving standard contractual clauses, seeking a reference to the CJEU; and
  • The commencement of preparatory work in advance of the General Data Protection Regulation.

The report highlights the growing importance individuals place on their data protection rights. This is evident in the continued increase, over the last number of years, in the number of complaints received by the DPC involving data access requests, and it would seem that in 2016 this was equally high (56%). In addition to data access requests, there was also an increase in complaints relating to the “right to be forgotten”.

The General Data Protection Regulation (“GDPR”)

The DPC once again highlights the impending GDPR and the fact that it will be focusing on getting ready internally and helping organisations prepare for this new era in data protection. The DPC has also indicated that pushing out guidance to organisations in relation to the GDPR will be a key priority.

With just over 12 months to go, organisations should seek to ensure that awareness of data protection compliance internally is a key focus during this time in order to be ready for the 25 May 2018 deadline. This is particularly relevant as the DPC has confirmed that it “welcomes the greater enforcement focus of the GDPR as a means of driving improved standards of compliance with data protection law over and above what we see today”.

The GDPR will significantly increase the accountability and compliance obligations of organisations that process personal data (including both data controllers and data processors).

Audits and Investigations

Similar to the 2015 Annual Report, the DPC identified a number of key issues as part of its audit findings, which included the following:

  • Employer seeking PPSN – The DPC indicated that an employer has no basis to capture a candidate’s PPSN at the application stage of the recruitment process and that a PPSN should only be sought when an employee has been successful;
  • CCTV Policy and Signage – Transparency is essential and certain information must be supplied to the data subject before any personal data can be recorded, including the purpose for which such a CCTV system is in operation;
  • Enforced Data Subject Access Requests – The DPC highlighted that it continued to find instances of inappropriate uses of enforced data subject access requests despite the fact that Section 4(13) of the Data Protection Acts 1988 and 2003 (as amended) prohibits enforced data subject access requests;
  • Marketing – The DPC once again stressed that organisations must ensure that they have received consent from an individual to receive marketing and that each communication must include an option to unsubscribe; and 
  • Data Retention – The requirement to retain personal data only for as long as is necessary was once again highlighted by the DPC. Organisations should determine and implement appropriate retention periods for personal data (including having regard to their statutory obligations).

The 2016 Annual Report reflects the DPC’s commitment to drive better compliance with data protection legislation and pursue appropriate enforcement action where necessary.

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full terms and conditions on our website.
