Data Protection Commission Ireland’s Post

🗣️Data Subject Rights and Lawful Bases of Processing Your personal data is protected by key rights and lawful processing bases. Data subject rights include access to your data, correction of inaccuracies, deletion requests, restriction of processing, data portability, objection to processing, and review of automated decisions. Lawful bases for processing your data include your consent, contractual necessity, legal obligations, vital interests, public tasks, and legitimate interests. Understanding these principles helps you stay in control of your personal information. Keep an eye 👁️out as we share highlights of the presentation on our Social Media channels! Looking to find out more, contact our team at info@paraschou.com.cy Coming up on Friday 7th June: Personal Data Protection – Dos & Don’ts, Tips & Tricks #GDPR #DataRights #LawfulProcessing #LegalObligations #MParaschouLaw

Have you read our article on the importance of data governance? If not, what are you waiting for? Read today! #thoughtleadership #legalindustry #lexisnexis

The EU court says in case C-307/22, FT v DW that: 1) the right of access overrides national law that limits the right of access, and 2) exercising the right of access according to the GDPR should generally not entail any costs for the individual, 3) such costs can only be imposed where the individual has already received a first copy of their data for free, 4) GDPR does not require the individual to state reasons for the request, and therefore doctors etc. cannot reject a request for access, 5) the individual must be given a "faithful and intelligible reproduction" of the data. This includes sharing a full copy of documents containing the individual's personal data – rather than just extracts – if it is "necessary" for the individual to understand and verify the accuracy and completeness of the data processing.

If you had to rewrite article 6 of GDPR and had to decide one single legal basis that would be the only one allowed, and that one legal basis would have to be either consent (freely given, informed etc), or legimitate interest. What would it be? Power to the people, or not? I know what I’d go with, but curious to hear your thoughts.

Is Circle Closed? Judgment C-46/23 Questions referred Joost Gerritsen 1.    Must Article 58(2), in particular subparagraphs (c), (d) and (g), of the General Data Protection Regulation 1 (‘GDPR’) be interpreted as meaning that the national supervisory authority, in exercise of its corrective powers, may order the data controller or processor to erase unlawfully processed personal data even in the absence of an express request by the data subject under Article 17(1) of the GDPR? 2.    In the event that the answer to the first question is that the supervisory authority may order the data controller or processor to erase unlawfully processed personal data even in the absence of a request by the data subject, is that so irrespective of whether or not the personal data were obtained from the data subject?

"The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines.   The guidance provides greater transparency for organisations about how the ICO goes about using its fining power." "The guidance can be found here: https://lnkd.in/daJjrXjB " #GDPRandNonEUcompanies #EDPObrussels #EUrepresentative #DataProtection #UKrepresentative #EDPOuk #GDPR #UKGDPR #EUGDPR #ICO #FiningGuidance #Transparency   Subscribe to EDPO's newsletter here: https://lnkd.in/dwK8sde   *This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO. https://lnkd.in/ec3f2Ey4

My big question is whether Data Protection Authorities can order a controller to delete personal data, even in the absence of an express request by the data subject under Article 17(1) of the GDPR. This includes any algorithms or models that originated, in whole or in part, from” unlawfully personal data.

BREAKING: As of August 5, 2024, Israel enters a new era with a unique updated framework for data protection and governance, shielded by significant penalties. Amid the growing concerns over additional imminent attacks on the country, the Knesset has enacted Bill No. 13 to the Protection of Privacy Law. The amendments introduce a substantial facelift to the law, which will take effect in a year. The main amendments include: ✨ Administrative fines of up to 5% of the annual turnover ✨ Statutory and exemplary damages in civil actions ✨ Severe criminal penalties ✨ New definitions for foundational terms ✨ Enhanced notice requirements ✨ Mandatory appointments of CISOs and DPOs ✨ Notification and submissions duties ✨ registration and specific provisions for data brokers ✨ special provisions for law enforcement and national security agencies. For years, privacy enforcement in Israel was limited. The recent reform makes a drastic change and requires greater attention to the processing of personal data, as the regulatory, civil, and criminal risks become high. GDPR compliance work does not cover all mandatory requirements under Israeli laws. It calls for a reassessment of data processing activities in Israel and for a reallocation of time and resources to be prepared for a new era of regulation. #dataprotection #privacylaws #reform Or-Hof Law Strand Alliance

If someone believes their information has been compromised because you haven't disposed of it securely, they can lodge a complaint with the Information Commissioner's Office; it's a legal right: "𝑊𝑖𝑡ℎ𝑜𝑢𝑡 𝑝𝑟𝑒𝑗𝑢𝑑𝑖𝑐𝑒 𝑡𝑜 𝑎𝑛𝑦 𝑜𝑡ℎ𝑒𝑟 𝑎𝑑𝑚𝑖𝑛𝑖𝑠𝑡𝑟𝑎𝑡𝑖𝑣𝑒 𝑜𝑟 𝑗𝑢𝑑𝑖𝑐𝑖𝑎𝑙 𝑟𝑒𝑚𝑒𝑑𝑦, 𝑒𝑣𝑒𝑟𝑦 𝑑𝑎𝑡𝑎 𝑠𝑢𝑏𝑗𝑒𝑐𝑡 𝑠ℎ𝑎𝑙𝑙 ℎ𝑎𝑣𝑒 𝑡ℎ𝑒 𝑟𝑖𝑔ℎ𝑡 𝑡𝑜 𝑙𝑜𝑑𝑔𝑒 𝑎 𝑐𝑜𝑚𝑝𝑙𝑎𝑖𝑛𝑡 𝑤𝑖𝑡ℎ 𝑎 𝑠𝑢𝑝𝑒𝑟𝑣𝑖𝑠𝑜𝑟𝑦 𝑎𝑢𝑡ℎ𝑜𝑟𝑖𝑡𝑦, 𝑖𝑛 𝑝𝑎𝑟𝑡𝑖𝑐𝑢𝑙𝑎𝑟 𝑖𝑛 𝑡ℎ𝑒 𝑀𝑒𝑚𝑏𝑒𝑟 𝑆𝑡𝑎𝑡𝑒 𝑜𝑓 ℎ𝑖𝑠 𝑜𝑟 ℎ𝑒𝑟 ℎ𝑎𝑏𝑖𝑡𝑢𝑎𝑙 𝑟𝑒𝑠𝑖𝑑𝑒𝑛𝑐𝑒, 𝑝𝑙𝑎𝑐𝑒 𝑜𝑓 𝑤𝑜𝑟𝑘 𝑜𝑟 𝑝𝑙𝑎𝑐𝑒 𝑜𝑓 𝑡ℎ𝑒 𝑎𝑙𝑙𝑒𝑔𝑒𝑑 𝑖𝑛𝑓𝑟𝑖𝑛𝑔𝑒𝑚𝑒𝑛𝑡 𝑖𝑓 𝑡ℎ𝑒 𝑑𝑎𝑡𝑎 𝑠𝑢𝑏𝑗𝑒𝑐𝑡 𝑐𝑜𝑛𝑠𝑖𝑑𝑒𝑟𝑠 𝑡ℎ𝑎𝑡 𝑡ℎ𝑒 𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑖𝑛𝑔 𝑜𝑓 𝑝𝑒𝑟𝑠𝑜𝑛𝑎𝑙 𝑑𝑎𝑡𝑎 𝑟𝑒𝑙𝑎𝑡𝑖𝑛𝑔 𝑡𝑜 ℎ𝑖𝑚 𝑜𝑟 ℎ𝑒𝑟 𝑖𝑛𝑓𝑟𝑖𝑛𝑔𝑒𝑠 𝑡ℎ𝑖𝑠 𝑅𝑒𝑔𝑢𝑙𝑎𝑡𝑖𝑜𝑛." And just like that, you have a heap of stress, worry and paperwork on your hands. Better to avoid the situation in the first place. Have a regular collection from Elite Shredding UK, and we'll give you secured bags or bins in which to place papers with sensitive information. We'll collect it and have it fed into an industrial shredder. The waste is then recycled into something useful. Elite Shredding UK - keeping your secrets secret. #shredding #ukgdpr #gdpr https://bit.ly/3xtUHiq

If someone believes their information has been compromised because you haven't disposed of it securely, they can lodge a complaint with the Information Commissioner's Office; it's a legal right: "𝑊𝑖𝑡ℎ𝑜𝑢𝑡 𝑝𝑟𝑒𝑗𝑢𝑑𝑖𝑐𝑒 𝑡𝑜 𝑎𝑛𝑦 𝑜𝑡ℎ𝑒𝑟 𝑎𝑑𝑚𝑖𝑛𝑖𝑠𝑡𝑟𝑎𝑡𝑖𝑣𝑒 𝑜𝑟 𝑗𝑢𝑑𝑖𝑐𝑖𝑎𝑙 𝑟𝑒𝑚𝑒𝑑𝑦, 𝑒𝑣𝑒𝑟𝑦 𝑑𝑎𝑡𝑎 𝑠𝑢𝑏𝑗𝑒𝑐𝑡 𝑠ℎ𝑎𝑙𝑙 ℎ𝑎𝑣𝑒 𝑡ℎ𝑒 𝑟𝑖𝑔ℎ𝑡 𝑡𝑜 𝑙𝑜𝑑𝑔𝑒 𝑎 𝑐𝑜𝑚𝑝𝑙𝑎𝑖𝑛𝑡 𝑤𝑖𝑡ℎ 𝑎 𝑠𝑢𝑝𝑒𝑟𝑣𝑖𝑠𝑜𝑟𝑦 𝑎𝑢𝑡ℎ𝑜𝑟𝑖𝑡𝑦, 𝑖𝑛 𝑝𝑎𝑟𝑡𝑖𝑐𝑢𝑙𝑎𝑟 𝑖𝑛 𝑡ℎ𝑒 𝑀𝑒𝑚𝑏𝑒𝑟 𝑆𝑡𝑎𝑡𝑒 𝑜𝑓 ℎ𝑖𝑠 𝑜𝑟 ℎ𝑒𝑟 ℎ𝑎𝑏𝑖𝑡𝑢𝑎𝑙 𝑟𝑒𝑠𝑖𝑑𝑒𝑛𝑐𝑒, 𝑝𝑙𝑎𝑐𝑒 𝑜𝑓 𝑤𝑜𝑟𝑘 𝑜𝑟 𝑝𝑙𝑎𝑐𝑒 𝑜𝑓 𝑡ℎ𝑒 𝑎𝑙𝑙𝑒𝑔𝑒𝑑 𝑖𝑛𝑓𝑟𝑖𝑛𝑔𝑒𝑚𝑒𝑛𝑡 𝑖𝑓 𝑡ℎ𝑒 𝑑𝑎𝑡𝑎 𝑠𝑢𝑏𝑗𝑒𝑐𝑡 𝑐𝑜𝑛𝑠𝑖𝑑𝑒𝑟𝑠 𝑡ℎ𝑎𝑡 𝑡ℎ𝑒 𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑖𝑛𝑔 𝑜𝑓 𝑝𝑒𝑟𝑠𝑜𝑛𝑎𝑙 𝑑𝑎𝑡𝑎 𝑟𝑒𝑙𝑎𝑡𝑖𝑛𝑔 𝑡𝑜 ℎ𝑖𝑚 𝑜𝑟 ℎ𝑒𝑟 𝑖𝑛𝑓𝑟𝑖𝑛𝑔𝑒𝑠 𝑡ℎ𝑖𝑠 𝑅𝑒𝑔𝑢𝑙𝑎𝑡𝑖𝑜𝑛." And just like that, you have a heap of stress, worry and paperwork on your hands. Better to avoid the situation in the first place. Have a regular collection from Elite Shredding UK, and we'll give you secured bags or bins in which to place papers with sensitive information. We'll collect it and have it fed into an industrial shredder. The waste is then recycled into something useful. Elite Shredding UK - keeping your secrets secret. #shredding #ukgdpr #gdpr https://bit.ly/3xtUHiq