Data Protection Act 1988
31.—(1) A person guilty of an offence under this Act shall be liable—
(a) on summary conviction, to a fine not exceeding F63[€3,000], or
(b) on conviction on indictment, to a fine not exceeding F63[€100,000].
(2) Where a person is convicted of an offence under this Act, the court may order any data material which appears to the court to be connected with the commission of the offence to be forfeited or destroyed and any relevant data to be erased.
(3) The court shall not make an order under subsection (2) of this section in relation to data material or data where it considers that some person other than the person convicted of the offence concerned may be the owner of, or otherwise interested in, the data unless such steps as are reasonably practicable have been taken for notifying that person and giving him an opportunity to show cause why the order should not be made.
(4) Section 13 of the Criminal Procedure Act, 1967, shall apply in relation to an offence under this Act that is not being prosecuted summarily as if, in lieu of the penalties provided for in subsection (3) (a) of that section, there were specified therein the fine provided for in subsection (1) (a) of this section and the reference in subsection (2) (a) of the said section 13 to the penalties provided for by subsection (3) shall be construed and have effect accordingly.
Substituted (1.07.2003) by Data Protection (Amendment) Act 2003 (6/2003), s. 19, S.I. No. 207 of 2003. A fine of €3,000 translates into a class B fine not exceeding €4,000 as provided (4.01.2011) by Fines Act 2010 (8/2010), ss. 3, 5(3) and table ref. no. 1, S.I. No. 662 of 2010.
Modifications (not altering text):
Application of section extended with modification (27.01.2014) by Credit Reporting Act 2013 (45/2013), s. 19(2), (4), S.I. No. 19 of 2014.
(2) Sections 2, 4 and 6 of the Data Protection Act 1988 shall have effect as if—
(a) references to personal data included relevant credit data, and
(b) a person to whom this section applies were a living individual, and sections 9, 10, 12 and 24 to 31 of that Act apply accordingly.
(4) This section applies to any person with an annual turnover of not more than €3,000,000 (and to whom sections 2, 4 and 6 of the Data Protection Act 1988 would not apply apart from this section).
Application of Act extended (31.12.2005) by Disability Act 2005 (14/2005), s. 42(4), S.I. No. 474 of 2005.
Genetic testing and processing of genetic data.
(4) A person who contravenes subsection (2) or (3) shall be guilty of an offence; an offence under this subsection shall be deemed to be an offence to which section 31 of the Data Protection Act 1988 applies.
Previous affecting provision: construction of section extended (6.11.2003) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2008 (S.I. No. 535 of 2003), reg. 17(1)(a); reg. 17 substituted (13.12.2008) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) (Amendment) Regulations 2008 (S.I. No. 526 of 2008), reg. 9; revoked and replaced (1.07.2011) by European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336 of 2011), reg. 35 subject to transitional provisions in reg. 34.
Previous affecting provision: application of ss. 10, 12, 24, 25, 26 (insofar as it relates to a requirement specified in an enforcement notice or an information notice or a decision of the Commissioner in relation to a complaint under section 10(1)(a) ) and ss. 27 to 31 extended with any necessary modifications (8.05.2002) by European Communities (Data Protection and Privacy in Telecommunications) Regulations 2002 (S.I. No. 192 of 2002), reg. 12; revoked (6.11.2003) by European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 (S.I. No. 535 of 2003), reg. 24.