1. Irish Data Protection Law
  2. Legislation (IE)
  3. Acts
  4. 1988
Date-stamp loading
  1. Data Protection Act, 1988 (No. 25)
Next
Version status: In force | Document consolidation status: Updated to reflect all known changes
Published date: 13 July 1988

Data Protection Act, 1988 (No. 25)

Consolidation Status: Updated to reflect all known changes

From 25 May 2018, this Act ceased to apply to the processing of personal data (within the meaning of this Act) other than the processing of such data for the purposes of safeguarding the security of the State, the defence of the State or the international relations of the State, or the processing of such data under the Criminal Justice (Forensic Evidence and DNA Database System) Act 2014 or the Vehicle Registration Data (Automated Searching and Exchange) Act 2018 to the extent that this Act is applied in those Acts but is still applicable to complaints made under s. 10 and contraventions of this Act that occurred before 25 May 2018, see s. 8 of the Data Protection Act 2018 (No. 7).

Comparing proposed amendment...
Introductory Text
Acts Referred to
Preliminary (s. 1)
In force
 1. Interpretation and application of Act.
Protection of Privacy of Individuals with regard to Personal Data (ss. 2-8)
In force
 2. Collection, processing, keeping, use and disclosure of personal data.
In force
 2A. Processing of personal data.
In force
 2B. Processing of sensitive personal data.
In force
 2C. Security measures for personal data.
In force
 2D. Fair processing of personal data.
In force
 3. Right to establish existence of personal data.
In force
 4. Right of access.
In force
 5. Restriction of right of access.
In force
 6. Right of rectification or erasure.
In force
 6A. Right of data subject to object to processing likely to cause damage or distress.
In force
 6B. Rights in relation to automated decision taking.
In force
 7. Duty of care owed by data controllers and data processors.
In force
 8. Disclosure of personal data in certain cases.
The Data Protection Commissioner (ss. 9-15)
Repealed
 9. The Commissioner.
In force
 10. Enforcement of data protection.
In force
 11. Restriction on transfer of personal data outside State.
In force
 12. Power to require information.
In force
 12A. Prior checking of processing by Commissioner.
Repealed
 13. Codes of practice.
Repealed
 14. Annual report.
In force
 15. Mutual assistance between parties to Convention.
Registration (ss. 16-20)
Repealed
 16. The register.
Repealed
 17. Applications for registration.
Repealed
 18. Duration and continuance of registration.
Repealed
 19. Effect of registration.
Repealed
 20. Regulations for registration.
Miscellaneous (ss. 21-35)
In force
 21. Unauthorised disclosure by data processor.
In force
 22. Disclosure of personal data obtained without authority.
Repealed
 22A. Journalism, literature and art.
Repealed
 23. Provisions in relation to certain non-residents and to data kept or processed outside State.
In force
 24. Powers of authorised officers.
In force
 25. Service of notices.
In force
 26. Appeals to Circuit Court.
In force
 27. Evidence in proceedings.
In force
 28. Hearing of proceedings.
In force
 29. Offences by directors, etc., of bodies corporate.
In force
 30. Prosecution of summary offences by Commissioner.
In force
 31. Penalties.
In force
 32. Laying of regulations before Houses of Oireachtas.
Repealed
 33. Fees.
In force
 34. Expenses of Minister.
In force
 35. Short title and commencement.
In force
 First Schedule - Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data done at Strasbourg on the 28th day of January, 1981
Repealed
 Second Schedule - The Data Protection Commissioner
Repealed
 Third Schedule - Public Authorities and Other Bodies and Persons
Next