|
|
Data Protection Commissioner’s functions
|
| |
7. (1) The Commissioner shall be the competent data protection authority in the State for the purposes of a European Union instrument or the Agreement.
|
| |
(2) The lawfulness of the processing of personal data supplied or received under this Act shall be monitored by the Commissioner.
|
| |
(3) The performance by the Commissioner of his or her function under subsection (2) shall include the carrying out of random checks on the processing of personal data referred to in that subsection.
|
| |
(4) When requested to do so by a data subject, the Commissioner shall examine the lawfulness of the processing of personal data in respect of him or her.
|
| |
(5) The results of any check under subsection (3) or examination under subsection (4) shall be kept by the Data Protection Commissioner for a period of 18 months and shall be deleted upon the expiring of that period.
|
| |
(6) The Commissioner may exchange relevant information with the data protection authority of a designated state where necessary in order for the Commissioner or the data protection authority of that designated state to perform their functions in relation to a European Union instrument or the Agreement.
|
| |
(7) The Commissioner may request the data protection authority of a designated state to perform its functions under the law of that designated state with regard to checking the lawfulness of the processing of personal data supplied by the State to that designated state under a European Union instrument or the Agreement.
|
| |
(8) The Commissioner may receive information from the data protection authority of a designated state arising from the performance by it of the functions referred to in subsection (7) with regard to the processing of the personal data concerned.
|
| |
(9) The Commissioner shall, at the request of the data protection authority of a designated state, perform his or her functions under subsection (1) and he or she shall furnish information to that authority with regard to the processing of the personal data the subject of the request.
|
| |
(10) In this section “Commissioner” means Data Protection Commissioner.
|