This European Union Directive was created to regulate the processing of personal data in the EU detailed how personal data was also a free movement matter. This directive is an important part of EU law regarding human rights and privacy law.
A right to privacy is recognised in article 8 of the EU Convention on Human Rights.
Processing of personal data must be lawful, fair, adequate, relevant, not excessive and with a legitimate reason.
Legitimacy of obtained data is based on either unambiguous consent, to perform a contract, to protect the vital interest of the person, or for a legal obligation, or for a public interest matter or a legitimate interest of the data controller.
The directive states information must be given to the data subject, such as, controller identify, purpose of the data processing etc.
The directive provided for rights of access to the data subject which could only be restricted for a safeguard reason, such as, national security, defence, public security etc.
A data controller has obligations to have security measures in place to protect personal data.
Judicial remedies are afforded to persons where a liability arises.
Any transfer of data, such as, data from a website, which is transferred to non-EEA countries – there must be an adequate level of protection for the recipient of this data in the third country.
The supervisory authority in Ireland ie the data protection commission have powers of investigation, intervention, to engage in legal proceedings
Arising from the directive the working party was set up. This consists of one data protection commission supervisory authority rep from each state.
Need Legal Advice? No problem. Contact Us Today!
We can assist with legal advice on GPDR matters & Irish data protection law matters.
