FAQs
What is excessive information?
Excessive information is information/personal data that is not required for the purpose of processing. Any data controller that requests information/personal data from a data subject should be able to justify the reasons for seeking each piece of personal data.
FAQs
What is a Data Controller and a Data Processor?
A data controller is the individual or the legal person (for example a company or public authority) which determines the purposes and means of the processing of personal data; in other words, the controller makes material decisions relating to the processing of personal data, such as determining the purposes for which personal data is collected, stored, used, altered and disclosed.
FAQs
Is my consent required for my data to be processed?
Unfortunately, it is a myth that data controllers must get consent for ALL purposes of processing and this has led to the confusion and distress of a large number of data subjects.
FAQs
What is the difference between the Law Enforcement Directive (LED) and the GDPR?
The Law Enforcement Directive (LED) differs from the General Data Protection Regulation (GDPR) in that the LED is a directive that was transposed into Irish law by way of the Data Protection Act 2018 under Part 5; note also that Part 6 of the Data Protection Act 2018 provides for enforcement of both the LED and the GDPR.
FAQs
What is processing and further processing?
“Processing” under Article 4 (2) of the GDPR means doing something with an individual’s personal data, such as collecting, recording, disclosing, altering, consulting with or simply storing the personal data. A data controller who processes personal data must only process the required data for the specific purpose of fulfilling the objectives for which the data was initially gathered and processed.
FAQs
What is special category data?
The General Data Protection Regulation (GDPR) provides extra protection for certain categories of personal data, called “special category data”, under Article 9 of the GDPR. Special category data refers to data which reveals:
FAQs
What is a competent authority under the LED?
Under the Law Enforcement Directive (LED), a competent authority may be a public or private body with powers to prevent, investigate, detect or prosecute (PDIP) criminal matters.
FAQs
When I am attending a public event, can the organisers take promotional photographs of me without my consent?
Images of individuals constitute “personal data” under the General Data Protection Regulation (GDPR). The capturing of a person's image and its subsequent use constitutes processing of personal data within the meaning of the GDPR. As with any processing of personal data, the recording of identifiable images of persons must have a legal basis under the data protection legislative frameworks. Individuals have a right to have their personal data processed in a manner that complies with data protection law.
FAQs
Is my business covered by the GDPR?
If you carry out processing activities with personal data partly or wholly by automated means, or if you otherwise deal with personal data which form (or are intended to form) part of a filing system, and you carry out these processing activities in the context of an establishment of your business within the European Economic Area (EEA), you, as data controller, are subject to the General Data Protection Regulation (GDPR) regardless of whether the processing takes place in the EEA or not.
FAQs
What is and is not direct marketing?
Direct marketing involves a person being targeted by an organisation (marketer) attempting to promote a product or service, or attempting to get the person to request additional information about a product or service. Types of direct marketing may include emails, texts, fax messages, telephone calls or mail.