The Minister for Justice and Equality today addressed the Dáil at the start of the Second Stage of the Data Protection Bill 2018. The Bill has already been passed by the Seanad.
The harmonised rules set out in the GDPR and the Data Protection Bill will ensure that the same data protection safeguards will operate across the EU. This will provide a level playing field for businesses, especially those involved in the cross-border provision of goods and services. Enhanced data protection standards will also be beneficial to the increasing numbers who avail of the Government’s online services.
The enactment of the Bill, together with the entry into force of the EU General Data Protection Regulation (GDPR) on 25 May, will modernise Ireland’s data protection laws, strengthen data protection laws and create a consistent data protection regime across the European Union.
The key purposes of the Bill are:
- to give further effect to the GDPR in the areas in which Member State flexibility is permitted;
- to transpose the Directive into national law – a transposition which must be done by May;
- to establish the Data Protection Commission as the State’s data protection authority with the means to supervise and enforce the enhanced protection standards enshrined in the GDPR and Directive in an efficient and effective manner, and
- to enact consequential amendments to various Acts that contain cross-references to the Data Protection Acts 1988 and 2003.
Following the coming into force of the GDPR, the basic data protection principles set out in the Data Protection Acts 1988 and 2003 will remain largely unchanged. However, GDPR rules will strengthen individual control over personal data and the purposes for which it may be used.
The obligations placed on companies and public sector bodies that collect, use and store personal data are set to increase, but will do so in a measured and proportionate manner. Both the GDPR and the Directive impose an obligation on all public authorities and bodies, as well as some private sector bodies, to designate a Data Protection Officer with responsibility to oversee data processing operations, and to report data breaches to the data protection authority.
While it is likely that large companies are prepared for the entry into force of the GDPR for some time, it is likely that the SME sector and micro-enterprises will continue to require assistance and support. Awareness raising activities have been under way for the last year and a half, and practical guidance is available on the Data Protection Commissioner’s web page “gdprandyou.ie”.
Speaking in the Dail today, the Minister said:
“The updated data protection rules will affect all of us in one way or another. It will affect each of us as individuals, because it will increase our control over the manner in which, and the purposes for which, our own personal data are used. It will affect businesses – whether large, medium or small – because it will require them to review, and update, the manner in which they collect, use or store the personal data of their customers and their clients, or any other individual whose personal data they retain. The same applies to Government Departments and all public bodies.
“This is an important bill with wide ranging provisions and its provisions have rightly received detailed scrutiny in the Oireachtas, both at pre-legislative stage and when the bill was before Seanad Éireann. A number of significant amendments, both government and opposition, were made to the bill in the Upper House. I look forward to engaging with Deputies as the Bill progresses through the Dáil.”