• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Ireland publishes Data Protection Bill 2018 in advance of GDPR

14 February 2018
Managing time
Ireland’s Data Protection Bill 2018 was published in early February.  This text, which may be subject to change by the Irish Parliament, will amend the current Irish Data Protection Acts, 1988 and 2003.  The Bill contains two exemptions of particular relevance to insurers.  

Ireland’s Data Protection Bill 2018 was published in early February. This text, which may be subject to change by the Irish Parliament, will amend the current Irish Data Protection Acts, 1988 and 2003.  

When enacted, the Bill will bring into Irish law the General Data Protection Regulation 'GDPR' (EC/2016/679) and the Law Enforcement Directive (EC/2016/680).  The Bill addresses the powers of Ireland's Supervisory Authority, the Data Protection Commissioner and enacts the separate Law Enforcement Directive into Irish law.  

The draft Bill establishes a Data Protection Commission in place of the current Data Protection Commissioner, Helen Dixon. Up to three Commissioners may be appointed by the Irish government to form the new Commission.  

The controversial exemption of public bodies from the administrative fines remains in the Bill, except where these public bodies are acting as an “undertaking” (providing goods or services alongside private bodies).  

Liability for individuals who contravene data protection requirements continues to be in force in line with the present Data Protection Acts 1988 and 2003, with fines of up to €50,000 and potential custodial sentences of up to five years. Company directors, managers and other officers also may be held individually liable for contravening the Bill's requirements, once it can be proved an offence was committed with the consent of such an officer.  

The Bill contains two exemptions of particular relevance to Insurers. The existing Section 41 states that the processing of special categories of personal data, which includes data indicating racial or ethnic origin, political opinions, religious or philosophical beliefs, health, genetic or biometric data, shall be lawful where the processing is necessary 'for the purposes of, or in connection with, legal claims, prospective legal claims … or is otherwise necessary for the purposes of establishing, exercising or defending legal rights'.  

Section 44 establishes a new lawful processing exception in Ireland and is intended to address processing concerns raised by insurers during the Bill's consultation phase.  Under this draft Section, 'health data' may also be processed where necessary for policies of insurance, life assurance, health insurance and pensions.  

The GDPR permits criminal convictions and offences data to be processed only under the control of official authority or for specified purposes under national law.  In line with this authority, the new Bill provides examples of such processing under official authority and specifies five purposes where processing is permitted in Section 49.  Insurers presently process data relating to criminal convictions and offences to more accurately assess risk and help prevent fraud. Under the draft Bill, this processing must remain under the control of official authority in Ireland (ie An Garda Siochána) and in compliance with the Irish Commissioner's existing June 2013 Code of Practice on Data Protection for the Insurance Sector.

The Bill is expected to be enacted prior to 6 May 2018, which is the deadline for the introduction of the Law Enforcement Directive into national law. 

Visit our GDPR Hub 

Further Reading

We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

Manage cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

Functional cookies


These cookies let you use the website and are required for the website to function as expected.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.