General Data Protection Regulation
The General Data Protection Regulation (GDPR), under Article 15, gives individuals the right to request a copy of any of their personal data which are being ‘processed’ (i.e. used in any way) by ‘controllers’ (i.e. those who decide how and why data are processed). These requests are often referred to as ‘data subject access requests’, or ‘access requests’.
The Commission to Inquire into Child Abuse (“The Commission”) is not covered by this regulation insofar as it relates to personal records. The Commission’s legislation was amended by the Data Protection Act, 2018 as follows:
188. The Commission To Inquire Into Child Abuse Act 2000 is amended by the substitution of the following section for section 33:
“33. (1) Article 15 (Right of access) of the Data Protection Regulation is restricted, to the extent necessary and proportionate to safeguard the effective performance by the Commission of its functions or a Committee of its functions, in so far as it relates to personal data (within the meaning of that Regulation) provided to the Commission or a Committee while the data is in the custody of the Commission or a Committee, or in the case of such data provided to the Confidential Committee, of a body to which it is transferred by the Commission upon the dissolution of the Commission.
(2) In this section, ‘Data Protection Regulation’ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 201624 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).”
The Commission is covered by GDPR in terms of how we process, retain and store the data in our possession.