Text Size
Saturday, November 04, 2017

Principle 8 Data must be disclosed to the data subject on request, and corrected or destroyed where they so request

Individuals, including employees, are entitled to make an access request to a company in respect of personal data held by the company on them. There are detailed requirements set out in sections 3 to 5 of the Acts for handling access requests from individuals. Strict time limits apply so it is important that you have appropriate procedures in place to deal with access requests promptly. Staff should be trained in these procedures.

If you restrict the individual’s right of access, you must be entitled to do so under the Acts. In such an instance you must notify the individual within the relevant time limit, including reasons for the refusal and advising them of their right to complain to the Data Protection Commissioner. Limited restrictions include disclosure of medical data under certain circumstances, and the disclosure of opinions given with the intention that they be kept confidential.

Complaints about failures to comply with access requests have dominated complaints made to the Data Protection Commissioner in recent years. The Commissioner has enforced the rights of individuals to access requests in respect of their personal data on a number of occasions. Examples can be found in the form of case studies in the Commissioner’s annual reports or at www.dataprotection.ie and include the names of the companies responsible for the breaches.

Example Case Study - Case Study 7/2010

 

Complaints concerning access requests constituted 48% (or 562) of complaints received by the Data Protection Commissioner in 2011. 39% of complaints in 2010 concerned access requests. These statistics are high by historical standards reflecting a growth in awareness of consumers of the right to make access requests. The Data Protection Commissioner has shown on a number of occasions that he will not tolerate failures to comply with access requests and has used his statutory powers to secure compliance by firms. This has included the appointment of authorised officers to conduct unannounced inspections of business premises’ on behalf of the Commissioner for the purpose of obtaining information as to whether an access request has been fully complied with or not.

This case study concerned a company’s failure to fully comply with an access request made by one of its employees. The company also failed to respond appropriately to the Data Protection Commissioner when his Office investigated the complaint in respect of the failure to comply with the access request. The Commissioner concluded that the company was not respecting the data protection rights of the complainant and he appointed authorised officers under section 24 of the Acts to enter and inspect the company’s premises. Documents that were not provided to the complainant under the access request were found, examined and confirmed to contain personal data relating to the complainant. The company remained uncooperative when asked to furnish the remaining documents to the complainant causing the Commissioner to issue an Enforcement Notice on the company to supply all outstanding personal data to the complainant. The Commissioner confirmed that his Office would not hesitate to use its statutory powers to enforce an individual’s data protection rights.

Further information and example case studies can be found at www.dataprotection.ie

Who we are

Compliance Ireland is a financial services management consultancy based in Adelaide Road, Dublin 2. We specialise in regulatory affairs for the Irish financial services sector, handling both domestic and IFSC businesses.

Compliance Ireland is a 100% Irish-owned company established in 2006. We are a multi-disciplinary management consultancy practice and we take a rounded approach to your business. As qualified professionals by training we analyse the regulations affecting your business. As people with extensive business experience (we act as non-executive directors to a number of financial companies) we help you understand the impact of regulations and how to implement them in your specific business. We offer you unparalleled expertise and practical, workable solutions that can actually be implemented.

For more information on our team, click here.river


Compliance Ireland Regulatory Services Limited

13 Adelaide Road, 
Dublin 2, 
Ireland

Tel: +353 1 425 5962

This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it.  

Click here for map

About Us

Compliance Ireland are a multi-disciplinary management consultancy practice and we take a rounded approach to your business. As qualified professionals by training we analyse the regulations affecting your business. As people with extensive business experience we help you understand the impact of regulations and how to implement them in your specific business. We offer you unparalleled expertise and practical, workable solutions that can actually be implemented.


We have identified specific areas of most interest to our clients and have developed topic specific websites to complement our parent website: www.complianceireland.com

Privacy.ie is one such website - offering detailed information on data protection and privacy legislation, enforcement, breaking news and training and events.


Data protection and privacy issues are of great importance in all business and public sectors.  Since 2004 we have worked for firms on data protection and data privacy such as the following:

  • financial institutions
    • banks
    • investment managers
    • funds management & administration companies
    • mortgage and insurance brokers
    • insurance companies
    • credit unions
  • professional regulatory bodies
  • mobile telephone companies
  • 3rd party telecoms and subscription service companies
  • universities
  • government utilities /agencies
  • law firms
  • accountants
  • auctioneers and estate agents
  • manufacturers 

river


Please look through our website and find the information you need.  If you need to contact us, please send an email or call us on the number below and we will do our best to advise you with your issue.


Compliance Ireland Regulatory Services Limited

13 Adelaide Road, 
Dublin 2, 
Ireland

Tel: +353 1 425 5962

This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it.

Click here for map

What we do

We are a multi-disciplinary management consultancy practice and we take a rounded approach to your business. As qualified professionals by training we analyse the regulations affecting your business. As people with extensive business experience (we act as non-executive directors to a number of financial companies) we help you understand the impact of regulations and how to implement them in your specific business. We offer you unparalleled expertise and practical, workable solutions that can actually be implemented.


We provide:

  • training
  • audits
  • advice on data protection and privacy issues and other compliance issues


Data protection and privacy issues are of great importance in all business and public sectors.  Since 2004 we have worked in the following sectors on data protection and data privacy issues:

  • financial institutions
    • banks
    • investment managers
    • funds management & administration companies
    • mortgage and insurance brokers
    • insurance companies
    • credit unions
  • professional regulatory bodies
  • mobile telephone companies
  • 3rd party telecoms and subscription service companies
  • universities
  • government utilities /agencies
  • law firms
  • accountants
  • auctioneers and estate agents
  • manufacturers 

river

For more information on what we can provide, please look through our website.  Or if you would like to discuss your situation and how we can help, please contact us using the methods below.

Compliance Ireland Regulatory Services Limited

13 Adelaide Road, 
Dublin 2, 
Ireland

Tel: +353 1 425 5962

This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it.

Click here for map

About Compliance Ireland

Compliance Ireland is a financial services management consultancy based in Adelaide Road, Dublin 2. We specialise in regulatory affairs for the Irish financial services sector, handling both domestic and IFSC businesses.

Compliance Ireland is a 100% Irish-owned company. Compliance Ireland was founded in January 2004 by Peter Oakes. In November 2006 Kevin O'Doherty joined Compliance Ireland as partner and principal. Peter left Compliance Ireland in October 2010 to join the newly restructured Central Bank of Ireland as Assistant Director General of Enforcement. Kevin O'Doherty now leads Compliance Ireland.

Click to find out more about our Principal Kevin O'Doherty

We are a multi-disciplinary management consultancy practice and we take a rounded approach to your business. As qualified professionals by training we analyse the regulations affecting your business. As people with extensive business experience (we act as non-executive directors to a number of financial companies) we help you understand the impact of regulations and how to implement them in your specific business.

We offer you unparalleled expertise and practical, workable solutions that can actually be implemented.
 
MEET OUR TEAM

We also operate Ireland’s only websites dedicated purely to anti-money laundering issues, MiFID, data privacy and Solvency II issues:

www.antimoneylaundering.ie / www.mifid.ie / www.privacy.ie / www.solvencyii.ie

 

river

 

 Compliance Ireland Regulatory Services Limited

Lower Ground Floor, 13 Adelaide Road,

Dublin 2, Ireland

Tel: +353 1 425 5962

Fax: +353 1 633 5005

This email address is being protected from spambots. You need JavaScript enabled to view it.

Click here for map

More Articles...

  1. Welcome to www.privacy.ie
  2. AML Core Guidance Notes February 2012
  3. 4th EU AML Directive Proposals
  4. What is Money Laundering?

  • AML Consultancy Services +

    We are Compliance Ireland  We are Ireland’s leading specialist provider of regulatory, risk and corporate governance consulting, advisory and compliance training Read More

  • AML Directives +

    The third EU AML Directive came into force for EU member states on 15 December 2007. It resulted from the Read More

  • AML International Bodies +

    AML INTERNATIONAL BODIES  The following are other relevant international AML bodies.  Egmont Group  The Egmont Group of Financial Intelligence Units Read More

  • Financial Action Task Force +

    Financial Action Task Force (FATF) and the FATF Recommendations   FATF is an inter-governmental body that was set up in Read More

  • Criminal Justice Terrorist Offences Act 2005 +

    The Criminal Justice (Terrorist Offences) Act 2005 was signed into law on the 8th March 2005. Its provisions had immediate Read More

  • Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 +

     The Third Anti-Money Laundering Directive (2005/60/EC) was transposed into Irish law by the Criminal Justice (Money Laundering and Terrorist Financing) Read More

  • Credit Union Sectoral Guidance Notes +

    On the 7th February, the Department of Finance published the sectoral AML-CFT guidance notes for Credit Unions. The Guidance Note Read More

  • What to expect from the Central bank moving forward? +

      The work of the AML unit is not complete. Firms should expect more inspections as the annual program of Read More
  • 1
  • 2
  • 3

Newsletter