Skip to content

You are reading 1 of 2 free-access articles allowed for 30 days

Data Protection Act subjects public authorities to fines

The Act was signed into law by President Michael D Higgins on 22 May 2018 and officially confirms the position following uncertainty around whether State bodies would be subject to fines.

Prior to the enactment, several GPs voiced concern at the unfair prospect that public bodies would be insulated from responsibility, while GPs and other private companies would be exposed to huge financial penalties.

The Data Protection Act gives effect to the EU General Data Protection Regulation (GDPR), which was passed in May 2016.

The new rules will allow the Data Protection Commissioner to impose fines on companies, including GP practices, that misuse a person’s information.

The law states that public bodies and organisations processing sensitive or personal information as a core part of the business are all required to have a data protection officer.

“As the Department of Health and the HSE are ‘public authorities’ under the Data Protection Act 2018, they are subject to administrative fines of up to €1,000,000 where the DPC [Data Protection Commissioner] determines that there has been an infringement of the Act and decides to impose a fine,” a Department spokesperson outlined.

The NAGP has called for GP exemption from GDPR penalties, arguing that there is “no merit in taking resources out of general practice” when it is already in crisis.

GP and GP trainer Dr Stephen Murphy has warned that GDPR regulation has the potential to regulate Irish general practice “out of existence”.

Leave a Comment

You must be logged in to post a comment.

Scroll To Top