Credit Reporting Act 2013

19.

Data protection

19. (1) Nothing in this Act limits the operation of the Data Protection Acts 1988 and 2003.

(2) Sections 2, 4 and 6 of the Data Protection Act 1988 shall have effect as if—

(a) references to personal data included relevant credit data, and

(b) a person to whom this section applies were a living individual,

and sections 9, 10, 12 and 24 to 31 of that Act apply accordingly.

(3) In subsection (2)“relevant credit data” means information held on the Register which relates to a person to whom this section applies and which, if it were information relating to a living individual, would be personal data for the purposes of the Data Protection Acts 1988 and 2003 .

(4) This section applies to any person with an annual turnover of not more than €3,000,000 (and to whom sections 2, 4 and 6 of the Data Protection Act 1988 would not apply apart from this section).

(5) The Bank may, with the consent of the Minister, make regulations specifying for the purposes of subsection (4) how, and by reference to what year, annual turnover is to be calculated.

(6) The Bank shall notify the Data Protection Commissioner of any systemic problems identified by the Bank in relation to the obtaining, keeping, processing or use of information held on the Register.

(7) The Bank shall take such action (which may include action in cooperation with the Data Protection Commissioner) as appears to the Bank to be appropriate to eliminate or minimise any such systemic problems.

Annotations:

Modifications (not altering text):

C4

References to Data Protection Commissioner construed (25.05.2018) by Data Protection Act 2018 (7/2018), s. 14(2), commenced as per subs. (4) and S.I. No. 175 of 2018.

Transfer of functions of Data Protection Commissioner to Commission

14. (1) All functions that, immediately before the establishment day, were vested in the Data Protection Commissioner are transferred to the Commission.

(2) A reference in any enactment or instrument under an enactment to the Data Protection Commissioner or to the Office of the Data Protection Commissioner shall be construed as a reference to the Commission.

...

C5

References to personal data and processing construed (25.05.2018) by Data Protection Act 2018 (7/2018), ss. 165, 166, S.I. No. 174 of 2018.

Reference to personal data in enactment

165. Subject to this Act, a reference in any enactment to personal data within the meaning of the Act of 1988 shall be construed as including a reference to personal data within the meaning of—

(a) the Data Protection Regulation, and

(b) Part 5.

Reference to processing in enactment

166. Subject to this Act, a reference in any enactment to processing within the meaning of the Act of 1988 shall be construed as including a reference to processing within the meaning of—

(a) the Data Protection Regulation, and

(b) Part 5.