Data Protection Law in Northern Ireland
The law in Northern Ireland in relation to data is contained in the Data Protection Act 2018. The 2018 Act reflects the General Data Protection Regulations implemented by the Europe Union. The legislation controls how personal information can be used and your rights to ask for information about yourself.
What is personal data?
Personal data is information about an identifiable living individual. This will include any information which has been anonymised, but where the individual could still be identified by other information that can be accessed. This will include names, addresses, workplace, personnel records, medical or health records, work records etc.
What duties are imposed under the Data Protection Act, 2018?
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
What rights do I have under the 2018 Act?
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
How do I get access to my own data?
Write to an organisation to ask for a copy of the information they hold about you.
If it’s a public organisation, write to their Data Protection Officer (DPO). Their details should be on the organisation’s privacy notice.
If the organisation has no DPO, or you do not know who to write to, address your letter to the company secretary.
How long it should take
The organisation must give you a copy of the data they hold about you as soon as possible, and within 1 month at most.
In certain circumstances, for example particularly complex or multiple requests, the organisation can take a further 2 months to provide data. In this case, they must tell you:
When information can be withheld
There are some situations when organisations are allowed to withhold information, for example if the information is about:
An organisation does not have to say why they’re withholding information.
How much it costs
Requests for information are usually free. However, organisations can charge an administrative cost in some circumstances, for example if:
How do I make a complaint?
If you think your data has been misused or that the organisation holding it has not kept it secure, you should contact them and tell them.
If you’re unhappy with their response, you can make a complaint to the Information Commissioner’s Office (ICO) or get advice from the ICO.
The Information Commissioner’s Office – Northern Ireland
14 Cromac Place,
Telephone: 0303 123 1114
Email: [email protected]
The ICO can investigate your claim and take action against anyone who’s misused personal data. They cannot however recover compensation for an individual’s loss as a result of the data breach.
Am I entitled to financial compensation if my data is used incorrectly or if my rights under the Act are breached?
The law states that “any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.”
In addition, the disclosure of any personal data without consent of the individual represents a breach of the privacy rights of the patient under Article 8 of the European Convention of Human Rights.
Unlawful disclosure could also be a breach of confidence, especially where such breach takes place in a work environment or misuse of private information. These are additional causes of action to any cause of action under the 2018 Act.
Material damage includes any financial or pecuniary loss incurred as a result of the breach (such as loss of earnings or in fraud cases where data has been misused due to identity theft, the value of any theft etc).
Non material damage includes damages for distress and any physical or psychological or psychiatric damage sustained as a result of the data breach.
Can the Information Commissioner recover compensation on my behalf?
No. The individual must recover any compensation separately. This is normally done with the assistance of a solicitor and through the civil legal system.
What should I do if I have suffered loss as a result of a data breach?
What compensation will I receive for the data breach?
This will depend on the nature of your injuries and your financial loss. It will include:
How long do I have to make a claim?
Normally you have six years from the date of the breach to begin proceedings but do not delay – seek advice now.
Why Kearney Law?
We at Kearney Law are ready to assist you and have the knowledge and expertise you need to make a successful claim for compensation. We have an expert team ready to deal with your data breach. We will ensure you recover compensation for your loss, swiftly and professionally.
The content of this blog is provided for information purposes only and does not constitute legal or other advice. No solicitor/client relationship or duty of care or liability of any nature shall exist or arise between the Kearney Law Group and you and we refer you to our disclaimer on our website.
Kearney Law Group specialises in legal services relating to Personal Injury, Clinical Negligence, Historical Institutional Abuse and Mother and Baby Homes cases. We are committed to achieving the best results for our clients.
Contact us today to arrange your FREE initial consultation relating to any of the above matters.
Email: [email protected]
Monday to Thursday 8am – 8pm,
Friday 9am – 5pm