BASIS: Business Access to State Information and Services An Irish eGovernment Initiative.
     
Abhaile Faoi BASIS Déan Teágmhail linn Aiseolais Naisc Mapa an tSuímh Séanadh
    
 Home  >  Life Events  >  Cúrsaí Fostaíochta  >  Cearta Fostaíochta agus Conarthaí  >  Cosaint Sonraí
Printer Friendly

Cosaint Sonraí

Stórálann a lán gnólachtaí eolas pearsanta ar a gcustaiméirí, ar a gcliaint nó ar a bhfostaithe. Pléitear oibleagáidí na ngnólachtaí faoin reachtaíocht a bhaineann le Cosaint Sonraí anseo.

Transferring Personal Data to Third Countries
A guide to the Data protection rules regarding transferring data to third countries.

Transfer of Data to Third Countries

A Summary of the New Data Protection Rules

  • Section II of the Data Protection Acts 1988 and 2003 specify conditions that must be met before personal data may be transferred to third countries. The main points of the new rules are briefly summarised below.
  • Organisations that transfer personal data from Ireland to third countries ? i.e. places outside of the European Economic Area (EEA)[1] ? will need to ensure that the country in question provides an adequate level of data protection. Some third countries have been approved for this purpose by the EU Commission. The US ?Safe Harbour? arrangement has also been approved, for US companies which agree to be bound by its data protection rules. In the case of countries that have not been approved in this way, there are a number of different measures that a data controller must take to meet this requirement. These measures include obtaining the consent of the individuals in question, or alternatively using EU-approved ?model contracts? which contain data protection safeguards.
  • The new rules clarify the level of security measures that organisations must have in place to protect personal data. Generally speaking, organisations must take all necessary and reasonable steps, having regard to the state of current technology, and to the sensitivity of the personal data in question.
  • If you retain the services of an agent to process personal data on your behalf ? a ?data processor? ? then you must use a contract in writing (or equivalent form) which deals adequately with issues of security, confidentiality and other data protection matters.
  • The current rules regarding the application of the Data Protection Acts to foreign data controllers, and to personal data kept outside Ireland, will be deleted, and replaced with simpler, clearer rules. In essence, the Acts will apply to all data controllers ?established in Ireland? ? this includes any foreign data controllers which operate through an Irish intermediary. The Act will also apply to data controllers established outside the EEA which use equipment in Ireland to process personal data. These non-EEA data controllers must designate a representative in Ireland.

Note:The European Economic Area is made up of the EU countries plus Norway, Iceland and Liechtenstein.
Give your feedback to BASIS


Please email basis@deti.ie with any feedback.








 
Associated Links outside BASIS
 
Associated Documents within BASIS
Príobháideachas   Nascleanúint ar shuíomh idirlín BASIS
Level Double-A conformance icon, W3C-WAI Web Content Accessibility Guidelines 1.0 ©Copyright 2007 All rights reserved