Data Protection Act, 2012

Data Protection Act, 2012

# ARRANGEMENT OF SECTIONS

Section

Data Protection Commission

1. Establishment of Data Protection Commission
2. Object of the Commission
3. Functions of the Commission
4. Governing body of the Commission
5. Tenure of office of members
6. Meetings of the Board
7. Disclosure of interest
8. Establishment of committees
9. Allowances
10. Ministerial directives

Administration

1. Appointment of Executive Director
2. Functions of the Executive Director
3. Appointment of other staff

Finances of the Commission

1. Funds of the Commission
2. Accounts and audit
3. Annual report and other reports

Application of principles of data protection

1. Privacy of the individual
2. Processing of personal data
3. Minimality
4. Consent, justification and objection
5. Collection of personal data
6. Collection of data for specific purpose
7. Data subject to be made aware of purpose of collection
8. Retention of records
9. Further processing to be compatible with purpose of collection
10. Quality of information
11. Registration of data controller

Data Protection Act, 2012

1. Security measures
2. Data processed by data processor or an authorised person
3. Data processor to comply with security measures
4. Notification of security compromises
5. Access to personal information
6. Correction of personal data
7. Manner of access

Rights of data subjects and others

1. Right of access to personal data
2. Credit bureau as data controller

Processing of special personal data

1. Processing of special personal data prohibited
2. Exemption related to religious or philosophical beliefs of data subject
3. Right to prevent processing of personal data
4. Right to prevent processing of personal data for direct marketing
5. Rights in relation to automated decision-taking
6. Rights in relation to exempt manual data
7. Compensation for failure to comply
8. Rectification, blocking, erasure and destruction of personal data
9. Application of the Act

Data Protection Register

1. Establishment of Data Protection Register
2. Application for registration
3. Right to refuse registration
4. Grant of registration
5. Renewal of registration
6. Removal from Register
7. Cancellation of registration
8. Processing of personal data without registration prohibited
9. Access by the public
10. Duty to notify changes
11. Failure to register

Data Protection Act, 2012

1. Assessable processing
2. Appointment of data protection supervisors
3. Fees

Exemptions

1. National security
2. Crime and taxation
3. Health, education and social work
4. Regulatory activity
5. Journalism, literature and art
6. Research, history and statistics
7. Disclosure required by law or made in connection with a legal proceeding
8. Domestic purposes
9. Confidential references given by data controller
10. Armed Forces
11. Judicial appointments and honours
12. Public service or ministerial appointment
13. Examination marks
14. Examination scripts
15. Professional privilege

Enforcement

1. Enforcement notice
2. Cancellation of enforcement notice
3. Request for assessment
4. Determination by the Commission
5. Restriction on enforcement in case of processing for special purposes
6. Failure to comply with notice
7. Authorised officers

Records obtained under data subject's right of access