The Irish legislators have made limited use of the opening clauses of the GDPR. However, the Irish Data Protection Act specifies some topics that companies need to know regarding personal data protection, such as restriction of data subjects’ access requests, processing of special categories of data (such as health data) and processing of childrens’ data.
In the following, you will find the additions and derogations to the GDPR on the most important topics of personal data protection for companies. If topics are not linked, there are no derogating or specifying provisions in the national data-protection law.
- Specific data protection law and official guidelines
- Substantive and territorial scope (no regulations deviating from the GDPR)
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Informing requirements
- E-marketing
- Cookies
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities (no regulations deviating from the GDPR)
- Data security
- Data breaches
- Data protection impact assessment (DPIA) (no regulations deviating from the GDPR)
- Data protection officer
- Certification
- Data transfer
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research
