Who We Are

Data Protection Commission welcomes latest successful prosecutions of marketing offences

11th September 2023

The Data Protection Commission today welcomed the outcome of the prosecution proceedings that were taken by it at the Dublin Metropolitan District Court against Chill Insurance Limited, Hidden Hearing Limited, The Multiple Sclerosis Society of Ireland and Vodafone Ireland Limited. ...

Back-to-school photos — Keeping information about your child safe

30th August 2023

#PauseBeforeYouPost   The lead-up to September sees our social media feeds becoming chock-full of photos of smiling children with schoolbags in tow, featuring captions celebrating that they are #backtoschool. The first day of school is an important milestone that proud parents everywhere are often keen to capture and share online. ...

FAQs

Where can I get further information on data protection for organisations?

The Data Protection Commission (DPC) has a designated section on its website which provides additional data protection information and resources for organisations.

Back to FAQ search

FAQs

Can I use a "cloud" service to process my data?

If you decide to employ an external cloud service provider (the provider), for example, in order to upload and store documents, photos, videos, and other files on a remote server (a “cloud service”), your relationship with the provider could be one of joint controllership, a controller-processor relationship or both.

Back to FAQ search

FAQs

What should be contained in a contract between a data controller and a data processor?

Sometimes, an organisation will need to engage the services of a sub-contractor or agent to process personal data on its behalf.  Such an agent is termed a 'data processor' under data protection law. For example, a company may wish to engage the services of a payroll company to deal with their payroll issues. The employer is the data controller and the payroll company is the data processor.

Back to FAQ search

FAQs

What do I do if there is a security breach?

A personal data breach under the General Data Protection Regulation (GDPR) is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.

 

Data controllers are therefore required to have in place appropriate security measures to prevent both internal and external unauthorised access to personal data that is under their control.

 

Back to FAQ search

FAQs

Is a member of a management company entitled to be provided with a full list of all registered members of the management company?

Under Section 169 of the Companies Act 2014, as amended, every company is required to keep a register of the company's members containing details of, amongst other things, the names and addresses of each member. The Act provides that an Owners’ Management Company (OMC) must keep a register of its members, which must be made available by the company for inspection without charge. In addition, Section 216 (11) Companies Act 2014 provides that a member may request a copy or a copy of any part of the members' register.

Back to FAQ search

FAQs

Can management companies disclose to all members details of those property owners/members that have not paid service charges?

Section 18 of the Multi-Unit Developments Act 2011 requires an Owners’ Management Company (OMC) to establish and maintain a scheme to collect the service charges of its members. Information such as payment of service charges obtained in operating such a scheme constitutes the personal data of the individuals concerned and so must be processed according to the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Back to FAQ search