Frequently Asked Questions on Data Protection

Question 1: What are the eight Principles of the Data Protection Act

Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with the data subject's rights; secure; not transferred to countries without adequate protection.

Question 2: What does that Act mean by personal information/data?

Personal data means data relating to a living individual who is, or can be, identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller.

Question 3: How are the Acts enforced?

The Acts (1988 & 2003) establishes the office of the Data Protection Commissioner. The Commissioner's role is to ensure that those who keep personal information on computer comply with the provisions of the Act. The Commissioner has a wide range of enforcement powers to assist him/her in ensuring that the principles of data protection are being observed. These powers include the serving of legal notices compelling a data controller to provide information needed to assist his enquiries, or compelling a data controller to implement a provision of the Act. The commissioner also investigates complaints made by the public and has wide powers in this area also. He/she can authorise for officers to enter premises and inspect personal information kept on computer. The HSE can be fined up to 100,000 if guilty under the Act.

Question 4: Who is the current Commissioner?

Helen Dixon is the current Commissioner. The Office is located at:  

Canal House,
Station Road,

LoCall 1890 25 22 31
Phone 00353 57 868 4800
Fax 00353 57 868 4757