Published on 

Minister Flanagan addresses Seanad on new Data Protection Bill 2018

The Minister for Justice and Equality, Charlie Flanagan TD, today addressed the Seanad during the Second Stage debate on the Data Protection Bill 2018. The enactment of the Bill, together with the entry into force of the EU General Data Protection Regulation (GDPR) on 25 May, will modernise Ireland’s data protection laws, strengthen data protection laws and create a consistent data protection regime across the European Union.

Speaking in the Seanad, the Minister said:

“In a nutshell, this legislation will introduce stronger rules on data protection. People will have more control over their personal data and businesses will benefit from a level playing field. The new legislation will introduce transparency so that people know what use their personal data may be put to. Information provided will have to be concise, transparent, intelligible and easily accessible format, using clear and plain language. It will no longer be acceptable to direct users to terms and conditions written in legal jargon.”

Minister Flanagan highlighted some of the strengthened rights for citizens, including the right to obtain access to personal data held; the right to ask for incorrect, inaccurate or incomplete personal data to be corrected; and the right to request that personal data be erased when it’s no longer needed or if processing it is unlawful.

The obligations placed on companies and public sector bodies that collect, use and store personal data are set to increase, but will do so in a measured and proportionate manner. The compliance burden will increase for some, but will be proportionate to risks for the rights and freedoms of individuals arising from any accidental or unlawful loss or disclosure of, or access to, their personal data. Some of the obligations of the GDPR will not apply to SMEs for which data processing is not a core part of the business and where the company’s activity doesn't create risks for individuals (for example the appointment of a Data Protection Officer).

The Minister said:

“While large companies have been gearing up for entry into force of the GDPR for some time, it is likely that the SME sector and micro-enterprises will continue to require assistance and support during the coming period of adjustment. Awareness raising activities have been under way for the last year and a half, involving conferences, seminars and workshops, and those activities will continue. Minister Pat Breen, who has special responsibilities in this policy area, has been very active in promoting awareness of the changes to come and I know he has an ambitious schedule planned for the coming months.  Practical guidance is also vital and I strongly recommend the Data Protection Commissioner’s web page “”. It contains a wealth of useful information and practical guidance for both business and individuals.”

Significant increases in levels of financial and staffing resources have been allocated to the Data Protection Commissioner in recent years. Staff levels have trebled from 30 in 2013 to almost 100. Additional funding of €4 million on 2018 will bring the overall budget to about €11.7 million and bring staff numbers to about 120.

It is the Government’s intention to have legislation in place by May when the GDPR will enter into force.