30 08 2017 Insights Cyber and Data Protection

Key Takeaways from the Data Protection Commissioner’s 2016 Annual Report

Annual Report

23 May. 2017

Introduction

The Data Protection Commissioner of Ireland (“DPC”), Ms Helen Dixon, published her Annual Report for 2016 on 11 April 2017. This, her third annual report, gives a valuable insight into the areas of focus for the Office of the Data Protection Commissioner (“ODPC”). The DPC described 2016 as an “Olympic” year in data protection as big strides forward were made in Europe with the enactment of the General Data Protection Regulation (“GDPR”). The new GDPR framework is aimed at modernising and uniforming Europe’s data protection laws and safeguarding the right to protection of personal data.

Expansion of the ODPC

The Annual Report notes an increase in Government funding of the ODPC. The budget of the ODPC increased to €7.5 million in 2016 (from €4.7 million in the previous year). This increase in funding, the DPC comments, is in order to allow the ODPC to continue fulfilling an independent supervisory role in Ireland, which is charged with upholding the EU fundamental right to data protection. The ODPC has also seen continued expansion in terms of staffing levels. The ODPC now employs 70 staff, with an additional 35 staff planned to be added in 2017. Finally, 2016 also saw the launch of the ODPC’s Twitter account.

Queries and Complaints to the ODPC

In 2016, the ODPC dealt with 15,335 queries via email, 16,744 telephone queries and 1,150 queries via post. The ODPC also received numerous complaints. In total, 1,479 complaints were received in 2016, which was an increase of 547 complaints from the previous year. Of the complaints received, 1,438 complaints were concluded by the ODPC, which left 508 complaints outstanding at the end of the year. Below is a breakdown of complaints received by data protection issue.

Type of Complaint

Number of Complaints

Access Rights

835

Disclosure

176

Electronic Direct Marketing

118

Unfair Processing of Data

92

Failure to secure data

35

Use of CCTV Footage

32

Right of rectification Internet

27

Internet search-result delisting

26

Accuracy

26

Retention

16

Specific Purpose

12

Excessive Data

11

Unauthorised Access

9

Data Sharing

8

Use of biometrics

3

Verification ID

3

Miscellaneous

50

TOTAL

1,479