An overview of the enforcement procedures introduced by the enactment of the Data Protection (Amendment) Act, 2003.
Powers and Functions of the Data Protection Commissioners
The new Act gives the Data Protection Commissioner a more proactive role. The Commissioner can initiate investigations to ensure that the Act is being complied with and can prepare codes of good practice as well as approving those drawn up by trade associations.
The Data Protection Commissioner?s powers to enforce the Data Protection Act are strengthened and clarified. In particular, the Commissioner now has the power to carry out investigations as he sees fit, in order to ensure compliance with the Act and to identify possible breaches. The Commissioner has indicated that he intends to use this power to conduct ?privacy audits? upon data controllers at random, and on a targeted, sectoral basis.
The Data Protection Commissioner must consider each application for registration to see whether especially risky or dangerous types of processing (as prescribed in Regulations) are involved. If so, the Commissioner must establish whether the processing is likely to comply with the Act. Any negative findings by the Commissioner may be appealed to court. Data controllers can also request that such ?prior checking? be carried out by the Data Protection Commissioner.
Codes of Good Practice
The Data Protection Commissioner will have a new power to prepare and publish ?codes of practice? for guidance in applying data protection law to particular areas. This supplements the Commissioner?s existing power to approve codes of practice drawn up by trade associations. Both types of code ? whether drawn up by the Commissioner or by trade associations ? may be put before the Oireachtas to have statutory effect.