Data Protection and its Scope
Data protection is a fundamental right set out in Article 8 of the EU Charter of Fundamental Rights, which states:
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.
In Ireland, the Data Protection Commission (DPC) is responsible for overseeing that the rights of individuals, as set out in data protection legislation, are upheld. The Data Protection Commissioner is appointed by Government and is independent in the exercise of his or her functions. The Data Protection Commission is empowered to enforce the obligations of data controllers.
The General Data Protection Regulation (GDPR) is about personal data. It aims to empower EU-based citizens as data subjects and provides a modernised, single set of data protection and privacy rules across Europe.
GDPR applies to the processing of personal data in the context of the activities of an organisation as data controller or data processor that is based in the EU, regardless of whether the processing of personal data takes place in the Union or not.
GDPR also applies to the processing of personal data of data subjects who are based in the EU by a controller or processor not established in the EU, where the processing activities are related to:
- the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
- the monitoring of their behaviour as far as their behaviour takes place within the Union.
GDPR applies to all business- and work-related processing activities involving personal data. This includes all work emails and personal data used in the context of a person's employment, i.e. for work, including images, phone calls or mailing lists. GDPR covers the safeguarding of the privacy rights of individuals in relation to the processing of personal data in both electronic and non-electronic (e.g. paper) formats.
Note: GDPR does not apply to the processing of personal data, such as recording videos or private emails, by a private individual ‘in the course of a purely personal or household activity’. This is called the 'household exemption'. However, if this person puts such a private video or photo on e.g. a UCD website, then GDPR does apply to the use of such material in an organisational context.