Automatic Enrolment Retirement Savings System Act 2024
|
Processing of personal data and special categories of personal data | ||
|
111. (1) The Authority may process personal data, including special categories of personal data, in accordance with the General Data Protection Regulation and the Act of 2018 and any regulations under section 112 where necessary and proportionate for the performance of its functions under this Act. | ||
(2) Subject to subsection (3), a service provider may process personal data, including special categories of personal data, in accordance with the General Data Protection Regulation and the Act of 2018 and any regulations under section 112 where necessary and proportionate for the performance of his, her or its functions under this Act. | ||
(3) A service provider may not process personal data in accordance with Part 5 of the Act of 2018. | ||
(4) For the purposes of this Act, the Authority is designated as controller in relation to personal data processed by it for the purposes of the performance of its functions under this Act, and shall put in place appropriate data processing contracts, where necessary, with each service provider. | ||
(5) In this section— | ||
“controller” means a controller within the meaning of the General Data Protection Regulation; | ||
“General Data Protection Regulation” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 20166 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); | ||
“special categories of personal data” has the same meaning as it has in the Act of 2018. | ||
(6) A word or expression that is used in this section or section 112 and in the General Data Protection Regulation or the Act of 2018 has, unless the context otherwise requires, the same meaning in those sections that it has in the General Data Protection Regulation or the Act of 2018. | ||