Data Protection Act 1988
Powers of authorised officers.
24.—F58[(1) In this section "authorised officer" has the same meaning that it has in section 2(1) of the Data Protection Act 2018.]
(2) An authorised officer may, for the purpose of obtaining any information that is necessary or expedient for the performance by the Commissioner of his functions, on production of the officer’s authorisation, if so required—
(a) at all reasonable times enter premises that he reasonably believes to be occupied by a data controller or a data processor, inspect the premises and any data therein (other than data consisting of information specified in section 12 (4) (b) of this Act) and inspect, examine, operate and test any data equipment therein,
(b) require any person on the premises, being a data controller, a data processor or an employee of either of them, to disclose to the officer any such data and produce to him any data material (other than data material consisting of information so specified) that is in that person’s power or control and to give to him such information as he may reasonably require in regard to such data and material,
(c) either on the premises or elsewhere, inspect and copy or extract information from such data, or inspect and copy or take extracts from such material, and
(d) require any person mentioned in paragraph (b) of this subsection to give to the officer such information as he may reasonably require in regard to the procedures employed for complying with the provisions of this Act, the sources from which such data are obtained, the purposes for which they are kept, the persons to whom they are disclosed and the data equipment in the premises.
(6) A person who obstructs or impedes an authorised officer in the exercise of a power, or, without reasonable excuse, does not comply with a requirement, under this section or who in purported compliance with such a requirement gives information to an authorised officer that he knows to be false or misleading in a material respect shall be guilty of an offence.
Substituted other than for certain excepted purposes (25.05.2018) by Data Protection Act 2018 (7/2018), s. 172(1)(a), (2), S.I. No. 174 of 2018. The excepted purposes in subs. (2) are 7/2018, s. 8(1)(b), (2), (3). See C-note below.
Repealed (1.10.2007) by Data Protection (Amendment) Act 2003 (6/2003), s. 22(1), S.I. No. 656 of 2007.
Modifications (not altering text):
Subs. (1) substituted, but previous version (below) retained for certain excepted purposes, (25.05.2018) by Data Protection Act 2018 (7/2018), s. 172(1)(a), (2), S.I. No. 174 of 2018. The excepted purposes in subs. (2) are 7/2018, s. 8(1)(b) (the processing of such data under the Criminal Justice (Forensic Evidence and DNA Database System) Act 2014 (11/2014) or the Vehicle Registration Data (Automated Searching and Exchange) Act 2018 (5/2018) to the extent that the Act of 1988 is applied in those Acts) and s. 8(2), (3) (transitional provisions).
24.—(1) In this section “authorised officer” means a person authorised in writing by the Commissioner to exercise, for the purposes of this Act, the powers conferred by this section.
Application of section extended with modification (27.01.2014) by Credit Reporting Act 2013 (45/2013), s. 19(2), (4), S.I. No. 19 of 2014.
(2) Sections 2 , 4 and 6 of the Data Protection Act 1988 shall have effect as if—
(a) references to personal data included relevant credit data, and
(b) a person to whom this section applies were a living individual, and sections 9, 10, 12 and 24 to 31 of that Act apply accordingly.
(4) This section applies to any person with an annual turnover of not more than €3,000,000 (and to whom sections 2, 4 and 6 of the Data Protection Act 1988 would not apply apart from this section).
Application of section extended with any necessary modifications (24.02.2003) by European Communities (Directive 2000/31/EC) Regulations 2003 (S.I. No. 68 of 2003), reg. 9(6).
Unsolicited commercial communications.
(6) The following provisions of the Act, namely —
(a) sections 1, 10, 12, 24 and 25,
(b) section 26 in so far as it relates to a requirement specified in an enforcement notice or an information notice or a decision of the Data Protection Commissioner in relation to a complaint under section 10 (1) (a) of the Act,
(c) sections 27 to 30,
apply for the purpose of this Regulation with the modifications specified in paragraphs (7) to (10) and any other necessary modifications.
(7) References, in the provisions of the Act mentioned in paragraph (6), to that Act or the provisions of that Act shall, unless the context otherwise requires be construed as including references to this Regulation or the provisions of this Regulation.
(10) Section 24 of the Act applies as if —
(a) in subsection (2)(a), there were substituted “a person to whom the Regulations of 2003 apply” for “a data controller or a data processor”,
(b) in subsection (2)(b), there were substituted “being a person to whom the Regulations of 2003 apply or an employee of such a person” for “being a data controller, a data processor or an employee of either of them”,
(c) there were deleted subsections (3), (4) and (5).
(11) In this Regulation —
“Act” means the Data Protection Act 1988 (No. 25 of 1988);
Previous affecting provision: section applied with modifications (from the date on which the declaration by the State under Article 32(4) of the Customs Co-operation Convention took effect to 24 October 2007) by Customs and Excise (Mutual Assistance) Act 2001 (Section 8) (Protection of Manual Data) Regulations 2004 (S.I. No. 254 of 2004), reg. 10(2).
Previous affecting provision: construction of section extended (6.11.2003) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2008 (S.I. No. 535 of 2003), reg. 17(1)(a); reg. 17 substituted (13.12.2008) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) (Amendment) Regulations 2008 (S.I. No. 526 of 2008), reg. 9; revoked and replaced (1.07.2011) by European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336 of 2011), reg. 35 subject to transitional provisions in reg. 34.
Previous affecting provision: application of ss. 10, 12, 24, 25, 26 (insofar as it relates to a requirement specified in an enforcement notice or an information notice or a decision of the Commissioner in relation to a complaint under section 10(1)(a) ) and ss. 27 to 31 extended with any necessary modifications (8.05.2002) by European Communities (Data Protection and Privacy in Telecommunications) Regulations 2002 (S.I. No. 192 of 2002), reg. 12; revoked (6.11.2003) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (S.I. No. 535 of 2003), reg. 24.