John O’Connor, Head of Technology and Commercial Contracts at Matheson wrote the Ireland chapter of The Privacy, Data Protection and Cybersecurity Law Review.
The Privacy, Data Protection and Cybersecurity Law Review, Third EditionMatheson Law Firm
Matheson Partners Anne-Marie Bohan and Andreas Carney co-authored the Irish chapter of The Privacy, Data Protection and Cybersecurity Law Review, Third Edition.
The International Comparative Legal Guide to Business Crime 2016Matheson Law Firm
Matheson partners, Bríd Munnelly and Carina Lawlor, co-author the Ireland chapter for The International Comparative Legal Guide to Business Crime 2016.
The document is the third edition of "The Franchise Law Review" published in January 2016. It provides an overview of franchise law and regulation in multiple countries around the world, with individual chapters authored by legal experts in each respective country. The review is published by Law Business Research Ltd and edited by Mark Abell.
Bryan Dunne, head of the Employment Group, and Bláthnaid Evans, associate in the Employment Group, co-wrote the Ireland chapter for The Employment Law Review, Seventh Edition.
Reproduced with permission from Law Business Research Ltd. This article was first published in The Employment Law Review, Seventh Edition.
The regulatory framework for communications in Ireland is overseen by the Department of Communications, Climate Action and Environment and the Commission for Communications Regulation (ComReg). Operators have a general right to provide electronic communications networks and services once they have notified ComReg. Spectrum licences are generally technology and service neutral, and licensed spectrum is tradable subject to ComReg approval to prevent anti-competitive effects. ComReg is currently working to release additional spectrum bands such as 700MHz and 3.6GHz to facilitate the development of 5G networks.
Employment in Ireland is regulated by an extensive statutory framework, much of which finds its origin in European Community law. The Irish Constitution, the law of equity and
the common law remain relevant, particularly in relation to applications for injunctions to restrain dismissals and actions for breach of contract.
This document provides an overview of corporate governance laws and regulations in Romania. It discusses the main corporate entities subject to governance rules, including state-owned enterprises, companies listed on the stock exchange, and financial institutions regulated by the Financial Supervisory Authority. The key legislation and regulations governing corporate governance are outlined, as well as non-mandatory sources such as the Bucharest Stock Exchange Corporate Governance Code. Current issues include the disappointing progress in implementing rules for state-owned enterprises and the lack of a clear monitoring body. Shareholder rights and typical shareholder meetings are also summarized.
Helen Kelly, partner and head of Matheson's EU, Competition and Regulatory Group, authored the Irish chapter for Getting the Deal Through - Merger Control 2016.
The Privacy, Data Protection and Cybersecurity Law Review, Third EditionMatheson Law Firm
Matheson Partners Anne-Marie Bohan and Andreas Carney co-authored the Irish chapter of The Privacy, Data Protection and Cybersecurity Law Review, Third Edition.
The International Comparative Legal Guide to Business Crime 2016Matheson Law Firm
Matheson partners, Bríd Munnelly and Carina Lawlor, co-author the Ireland chapter for The International Comparative Legal Guide to Business Crime 2016.
The document is the third edition of "The Franchise Law Review" published in January 2016. It provides an overview of franchise law and regulation in multiple countries around the world, with individual chapters authored by legal experts in each respective country. The review is published by Law Business Research Ltd and edited by Mark Abell.
Bryan Dunne, head of the Employment Group, and Bláthnaid Evans, associate in the Employment Group, co-wrote the Ireland chapter for The Employment Law Review, Seventh Edition.
Reproduced with permission from Law Business Research Ltd. This article was first published in The Employment Law Review, Seventh Edition.
The regulatory framework for communications in Ireland is overseen by the Department of Communications, Climate Action and Environment and the Commission for Communications Regulation (ComReg). Operators have a general right to provide electronic communications networks and services once they have notified ComReg. Spectrum licences are generally technology and service neutral, and licensed spectrum is tradable subject to ComReg approval to prevent anti-competitive effects. ComReg is currently working to release additional spectrum bands such as 700MHz and 3.6GHz to facilitate the development of 5G networks.
Employment in Ireland is regulated by an extensive statutory framework, much of which finds its origin in European Community law. The Irish Constitution, the law of equity and
the common law remain relevant, particularly in relation to applications for injunctions to restrain dismissals and actions for breach of contract.
This document provides an overview of corporate governance laws and regulations in Romania. It discusses the main corporate entities subject to governance rules, including state-owned enterprises, companies listed on the stock exchange, and financial institutions regulated by the Financial Supervisory Authority. The key legislation and regulations governing corporate governance are outlined, as well as non-mandatory sources such as the Bucharest Stock Exchange Corporate Governance Code. Current issues include the disappointing progress in implementing rules for state-owned enterprises and the lack of a clear monitoring body. Shareholder rights and typical shareholder meetings are also summarized.
Helen Kelly, partner and head of Matheson's EU, Competition and Regulatory Group, authored the Irish chapter for Getting the Deal Through - Merger Control 2016.
Bark and Co Solicitors London: The Firm, bark & co solicitors, giles bark jon...mikebrussel
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Bark & Co prides itself on the individual expertise of its lawyers, the collective strength of its specialist teams and their skill in tailoring advice to match each client’s individual circumstances. Bark & Co’s rigorous commitment to quality of advice and personalised service has lead to significant work through referrals by both clients and other leading law firms.
Bark & Co Solicitors London: The Firm, bark & co solicitors, giles bark jones...mikebrussel
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Bark & Co prides itself on the individual expertise of its lawyers, the collective strength of its specialist teams and their skill in tailoring advice to match each client’s individual circumstances. Bark & Co’s rigorous commitment to quality of advice and personalised service has lead to significant work through referrals by both clients and other leading law firms.
Getting The Deal Through: Anti-Corruption Regulation 2016Matheson Law Firm
Matheson partners, Bríd Munnelly, Carina Lawlor and Michael Byrne, co-wrote the Ireland chapter for Getting The Deal Through: Anti-Corruption Regulation 2016.
Reproduced with permission from Law Business Research Ltd. This article was first published in Getting the Deal Through: Anti-Corruption Regulation 2016.
This document is the introduction to The Tax Disputes and Litigation Review, 4th Edition, edited by Simon Whitehead. It provides information about the publication, including details on the editor, publishers, and contributors. The Review contains chapters on tax disputes and litigation in various countries, with each chapter outlining the procedural rules and key issues for taxpayers in the respective jurisdiction. It aims to help tax professionals dealing with disputes across multiple countries.
The International Comparative Legal Guide to: Enforcement of Foreign Judgment...Matheson Law Firm
Matheson's Julie Murphy-O'Connor and Gearóid Carey co-wrote the Ireland chapter for The International Comparative Legal Guide to: Enforcement of Foreign Judgments 2016.
The telecoms, audio-visual media distribution, and internet sectors in the Dominican Republic have been liberalized and opened to competition. The key legislation governing these sectors is the General Telecommunications Law #153-98. The main regulatory authority is the Dominican Telecommunications Institute (Indotel). While foreign investment and ownership are permitted in telecoms and internet sectors, in the audio-visual media sector the controlling investor of a broadcasting entity must be Dominican. The telecoms market is dominated by Claro, Orange, and Tricom, which were recently acquired by Altice, S.A. Licenses from Indotel are required to use radio spectrum and concessions are needed to provide telecom services
This document provides an overview of competition litigation in various jurisdictions around the world. It contains general chapters on topics related to private antitrust enforcement and damages actions. It also contains country-specific question and answer chapters on 35 different countries/regions and their competition laws and private litigation procedures. The document was published by Global Legal Group to provide a practical guide on cross-border competition litigation issues. It contains contributions from various law firms and is intended to indicate key legal issues without providing full legal advice.
The International Comparative Legal Guide to Corporate Tax 2014Julia Smirnova
GLG published its 2014 edition of the ICLG: Corporate Tax which has been fully revised and updated to cover the key issues of current applicable regulation, including full analysis of important aspects of cross-border transactions and international law. With contributions from over 40 leading law firms worldwide, the guide offers concise and comprehensive guidelines for global investors operating across various jurisdictions. Lidings’ partner, head of Tax and Customs practice Stepan Guzey has authored exclusive coverage of Russian regulation.
Bark & Co, fred bunn, bark & co, solicitors londonalbertprey
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Matheson partners Bríd Munnelly, Carina Lawlor, Nicola Dunleavy and Michael Byrne co-authored the Ireland chapter for The International Investigations Review 2016.
The International Comparative Legal Guide to: Corporate Governance 2016McCannFitzGerald
David Byers & Paul Heffernan co-authored the Irish chapter of The International Comparative Legal Guide to: Corporate Governance published by Global Legal Group Ltd, London.
Fcpa And Anti Corruption Task Force Mo Fomofo1234567
This document provides information about Morrison & Foerster's experience conducting Foreign Corrupt Practices Act (FCPA) investigations in Asia. It discusses their team of over 200 attorneys across Asia, including 45 licensed in Japan, 17 in Hong Kong, 17 in England and Wales, and 22 in China. It also notes their experience conducting a wide range of investigations in China, both domestic and with global reach. The firm can support investigations with former prosecutors and enforcement attorneys, as well as forensic accounting experts.
The International Comparative Legal Guide: Private Client 2019Matheson Law Firm
Private Client partner, John Gill and Private Client senior associate, Lydia McCormack co-author the Ireland 2019 chapter of the International Comparative Legal Guide to Private Client.
Lidings is a leading law firm in Russia and CIS that represents clients in their relations with Russian government authorities. The firm provides comprehensive legal advice and assistance to foreign companies entering the Russian market, including obtaining necessary government approvals and permits. Lidings has experience advising international clients across various industries on public-private partnership projects, construction projects, land development, and other matters involving the Russian government.
Matheson partners Sharon Daly, Darren Maher and April McClements co-wrote the Ireland chapter for The Insurance and Reinsurance Law Review, fourth edition.
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms.
Dutch authorities opened an investigation in 2015 into TS Dutch holding company for allegedly paying bribes in Uzbekistan. The US Department of Justice and Securities and Exchange Commission also investigated claims of bribery related to transactions in Uzbekistan and Azerbaijan. Vimpelcom ultimately paid $795 million in penalties to US and Dutch authorities for violations of the Foreign Corrupt Practices Act. A report also found weaknesses in Telenor's oversight of its ownership in Vimpelcom, though no Telenor employees were directly involved in corrupt actions. Telenor's CEO and general counsel resigned in relation to the matter.
The International Comparative Legal Guide to Product Liability 2015Matheson Law Firm
This document provides an overview of product liability law in Ireland. It discusses the main systems of liability including strict liability under statute as well as fault-based liability in tort and contract. It notes that contractual liability is often difficult to establish against manufacturers for injured parties. Criminal liability can arise for supplying unsafe products under relevant statutes. There is no general state compensation scheme in Ireland but ad hoc schemes have been established in some cases. The document outlines who can be responsible under different liability systems and discusses issues such as burden of proof, obligations to recall products, and criminal sanctions.
13.01.22 datos de comercio por ccaa, provincias y añoseconred
The document summarizes the number of affiliates in different Spanish regions and provinces from 2008 to 2013. It shows that the total number of affiliates decreased from 879,076 in 2008 to 783,298 in 2013, a decline of 95,778 affiliates over that period. Most regions saw a decrease in affiliates from 2008 to 2012 and a further small decrease or occasional increase from 2012 to 2013. The largest decreases were in Catalonia (-20,264 from 2008 to 2013) and the Valencian Community (-10,901 over the same period).
James d kuhn | strategies for real estate catastrophe propertyJames D Kuhn
This document provides strategies for managing real estate catastrophe risks and property and liability exposures, including:
1) Using catastrophe modeling software to input property characteristics and effectively set insurance limits based on actuarial analysis and data gathering.
2) Obtaining secondary property insurance and working with risk partners to better understand locations exposed to natural catastrophes and reduce premiums.
3) Negotiating to eliminate subcontractor warranty exclusions from general liability policies to avoid potential costly gaps in coverage.
Bark and Co Solicitors London: The Firm, bark & co solicitors, giles bark jon...mikebrussel
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Bark & Co prides itself on the individual expertise of its lawyers, the collective strength of its specialist teams and their skill in tailoring advice to match each client’s individual circumstances. Bark & Co’s rigorous commitment to quality of advice and personalised service has lead to significant work through referrals by both clients and other leading law firms.
Bark & Co Solicitors London: The Firm, bark & co solicitors, giles bark jones...mikebrussel
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Bark & Co prides itself on the individual expertise of its lawyers, the collective strength of its specialist teams and their skill in tailoring advice to match each client’s individual circumstances. Bark & Co’s rigorous commitment to quality of advice and personalised service has lead to significant work through referrals by both clients and other leading law firms.
Getting The Deal Through: Anti-Corruption Regulation 2016Matheson Law Firm
Matheson partners, Bríd Munnelly, Carina Lawlor and Michael Byrne, co-wrote the Ireland chapter for Getting The Deal Through: Anti-Corruption Regulation 2016.
Reproduced with permission from Law Business Research Ltd. This article was first published in Getting the Deal Through: Anti-Corruption Regulation 2016.
This document is the introduction to The Tax Disputes and Litigation Review, 4th Edition, edited by Simon Whitehead. It provides information about the publication, including details on the editor, publishers, and contributors. The Review contains chapters on tax disputes and litigation in various countries, with each chapter outlining the procedural rules and key issues for taxpayers in the respective jurisdiction. It aims to help tax professionals dealing with disputes across multiple countries.
The International Comparative Legal Guide to: Enforcement of Foreign Judgment...Matheson Law Firm
Matheson's Julie Murphy-O'Connor and Gearóid Carey co-wrote the Ireland chapter for The International Comparative Legal Guide to: Enforcement of Foreign Judgments 2016.
The telecoms, audio-visual media distribution, and internet sectors in the Dominican Republic have been liberalized and opened to competition. The key legislation governing these sectors is the General Telecommunications Law #153-98. The main regulatory authority is the Dominican Telecommunications Institute (Indotel). While foreign investment and ownership are permitted in telecoms and internet sectors, in the audio-visual media sector the controlling investor of a broadcasting entity must be Dominican. The telecoms market is dominated by Claro, Orange, and Tricom, which were recently acquired by Altice, S.A. Licenses from Indotel are required to use radio spectrum and concessions are needed to provide telecom services
This document provides an overview of competition litigation in various jurisdictions around the world. It contains general chapters on topics related to private antitrust enforcement and damages actions. It also contains country-specific question and answer chapters on 35 different countries/regions and their competition laws and private litigation procedures. The document was published by Global Legal Group to provide a practical guide on cross-border competition litigation issues. It contains contributions from various law firms and is intended to indicate key legal issues without providing full legal advice.
The International Comparative Legal Guide to Corporate Tax 2014Julia Smirnova
GLG published its 2014 edition of the ICLG: Corporate Tax which has been fully revised and updated to cover the key issues of current applicable regulation, including full analysis of important aspects of cross-border transactions and international law. With contributions from over 40 leading law firms worldwide, the guide offers concise and comprehensive guidelines for global investors operating across various jurisdictions. Lidings’ partner, head of Tax and Customs practice Stepan Guzey has authored exclusive coverage of Russian regulation.
Bark & Co, fred bunn, bark & co, solicitors londonalbertprey
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms. A founder member of the Specialist Fraud Panel, the firm specialises in commercial and criminal fraud as well as serious crime, business and tax regulation, tax investigations and corporate obligations associated with health and safety enforcement. The firm acts for private individuals as well as national and international companies. It has also established itself as a leader in the field of cash and asset recovery in both criminal and civil courts.
Matheson partners Bríd Munnelly, Carina Lawlor, Nicola Dunleavy and Michael Byrne co-authored the Ireland chapter for The International Investigations Review 2016.
The International Comparative Legal Guide to: Corporate Governance 2016McCannFitzGerald
David Byers & Paul Heffernan co-authored the Irish chapter of The International Comparative Legal Guide to: Corporate Governance published by Global Legal Group Ltd, London.
Fcpa And Anti Corruption Task Force Mo Fomofo1234567
This document provides information about Morrison & Foerster's experience conducting Foreign Corrupt Practices Act (FCPA) investigations in Asia. It discusses their team of over 200 attorneys across Asia, including 45 licensed in Japan, 17 in Hong Kong, 17 in England and Wales, and 22 in China. It also notes their experience conducting a wide range of investigations in China, both domestic and with global reach. The firm can support investigations with former prosecutors and enforcement attorneys, as well as forensic accounting experts.
The International Comparative Legal Guide: Private Client 2019Matheson Law Firm
Private Client partner, John Gill and Private Client senior associate, Lydia McCormack co-author the Ireland 2019 chapter of the International Comparative Legal Guide to Private Client.
Lidings is a leading law firm in Russia and CIS that represents clients in their relations with Russian government authorities. The firm provides comprehensive legal advice and assistance to foreign companies entering the Russian market, including obtaining necessary government approvals and permits. Lidings has experience advising international clients across various industries on public-private partnership projects, construction projects, land development, and other matters involving the Russian government.
Matheson partners Sharon Daly, Darren Maher and April McClements co-wrote the Ireland chapter for The Insurance and Reinsurance Law Review, fourth edition.
THE FIRM Bark & Co is one of the UK’s leading fraud and business crime firms. The firm’s highly-skilled lawyers are committed to providing expert advice at every stage of proceedings. The firm’s principal aims are to avoid expensive litigation whenever possible and to fight tenaciously to protect its clients’ interests.
Established in 1996 by Giles Bark-Jones, Bark & Co has developed into one of the Country’s most progressive and successful fraud firms.
Dutch authorities opened an investigation in 2015 into TS Dutch holding company for allegedly paying bribes in Uzbekistan. The US Department of Justice and Securities and Exchange Commission also investigated claims of bribery related to transactions in Uzbekistan and Azerbaijan. Vimpelcom ultimately paid $795 million in penalties to US and Dutch authorities for violations of the Foreign Corrupt Practices Act. A report also found weaknesses in Telenor's oversight of its ownership in Vimpelcom, though no Telenor employees were directly involved in corrupt actions. Telenor's CEO and general counsel resigned in relation to the matter.
The International Comparative Legal Guide to Product Liability 2015Matheson Law Firm
This document provides an overview of product liability law in Ireland. It discusses the main systems of liability including strict liability under statute as well as fault-based liability in tort and contract. It notes that contractual liability is often difficult to establish against manufacturers for injured parties. Criminal liability can arise for supplying unsafe products under relevant statutes. There is no general state compensation scheme in Ireland but ad hoc schemes have been established in some cases. The document outlines who can be responsible under different liability systems and discusses issues such as burden of proof, obligations to recall products, and criminal sanctions.
13.01.22 datos de comercio por ccaa, provincias y añoseconred
The document summarizes the number of affiliates in different Spanish regions and provinces from 2008 to 2013. It shows that the total number of affiliates decreased from 879,076 in 2008 to 783,298 in 2013, a decline of 95,778 affiliates over that period. Most regions saw a decrease in affiliates from 2008 to 2012 and a further small decrease or occasional increase from 2012 to 2013. The largest decreases were in Catalonia (-20,264 from 2008 to 2013) and the Valencian Community (-10,901 over the same period).
James d kuhn | strategies for real estate catastrophe propertyJames D Kuhn
This document provides strategies for managing real estate catastrophe risks and property and liability exposures, including:
1) Using catastrophe modeling software to input property characteristics and effectively set insurance limits based on actuarial analysis and data gathering.
2) Obtaining secondary property insurance and working with risk partners to better understand locations exposed to natural catastrophes and reduce premiums.
3) Negotiating to eliminate subcontractor warranty exclusions from general liability policies to avoid potential costly gaps in coverage.
The Vice President of Internal Audit is responsible for developing and executing Countrywide Financial's annual audit plan, managing risk assessments, reviewing workpapers and reports, and advising senior management. They will oversee an audit team and have at least 12 years of audit experience in financial or mortgage industries. The ideal candidate has strong communication, leadership, and project management skills as well as a degree in accounting, finance, or business and a professional audit designation.
The document discusses the history and development of artificial intelligence over the past 70 years. It outlines some of the key milestones in AI research including the creation of logic theories, machine learning algorithms, and neural networks. Recent advances in deep learning now allow AI systems to perform complex tasks like image recognition and natural language processing.
Kelly Financial Resources (KFR) is a division of Kelly Services that provides staffing solutions for shared services, outsourcing, and finance roles. KFR specializes in areas like financial shared services, banking, business analytics, accounting, and business consulting. It recruits for positions in accounts payable/receivable, general ledger, risk management, and other finance functions. KFR is part of Kelly Services, a global staffing leader, and offers recruitment and workforce solutions in India through multiple offices.
This resort located directly on 7 miles of Gulf beach offers 319 guest rooms and suites, two swimming pools, tennis courts, and a spa. It has over 34,000 square feet of meeting and event space with Gulf views. On-site amenities include two restaurants, a poolside bar, beach equipment rentals, and daily activities. The golf course is undergoing a redesign by Jack Nicklaus and John Sanford to be completed in 2016.
SAP AG es el primer proveedor mundial de aplicaciones de software empresarial. Ofrece soluciones integradas de negocios como My SAP Business Suite, que permite mejorar continuamente más de 1,000 procesos empresariales considerados mejores prácticas. Con más de 12 millones de usuarios, 100,600 instalaciones y 1,500 socios, SAP es la compañía de software inter-empresa más grande del mundo.
The Logik 25-s is an Industrial Control Equipment (Not a Safety Instrument) for the Operation of a Screw Compressor. Refer electrical drawing and legend of the connections in this manual. For more technical details, visit - https://www.eatoncompressor.com/rotary-screw-compressors
El documento clasifica los diferentes tipos de sistemas operativos, incluyendo sistemas operativos monotareas, monousuarios y multiusuarios; sistemas operativos por lotes, de tiempo real y tiempo compartido; y sistemas operativos distribuidos, de red y paralelos.
The Foreign Investment Regulation Review, Fifth Edition Matheson Law Firm
Pat English and Grace Murray provide an overview on Foreign Investment Regulation in Ireland in the 5th edition of The Foreign Investment Regulation Review.
This document provides an introduction and table of contents for The Real Estate Law Review, 4th Edition. It was edited by David Waterfield and published by Law Business Research Ltd in February 2015. The Review contains chapters on real estate law and practice in 35 different jurisdictions around the world, written by expert local practitioners. It is part of the larger series of annual law reviews published by Law Business Research covering various legal topics.
The Banking Regulation Review - Poland - ChapterMedia SPCG
This document provides an overview and introduction to The Banking Regulation Review, 7th Edition. It lists the editor, Jan Putnis, and provides publishing details such as the publisher, marketing and production teams. It also lists acknowledgments to various law firms that assisted in preparing the content. Finally, it provides a table of contents that outlines the 37 chapters covering banking regulation in countries around the world. The document serves as an overview and introduction to the compilation.
The International Comparative Legal Guide to Insurance & Reinsurance 2017_6th...Matheson Law Firm
This document summarizes the implications of Brexit for the UK insurance industry. It notes that UK insurers currently rely on EU "passporting" rights to operate across the single market, but these rights will likely be lost after Brexit. As a result, many UK insurers are considering establishing subsidiaries in the EU to maintain access to the single market. Ireland is presented as an attractive option for UK insurers due to its common law system, educated workforce, low corporate tax rate, and proximity and cultural ties to the UK. The document outlines some of Ireland's advantages and why it could be a good jurisdiction for UK insurers to base future EU operations.
The enforcement of cartel laws in Nigeria is at an early stage of development. There is no dedicated competition law regulator and no general law prohibiting cartels. Regulation has focused on specific sectors rather than general competition law. Broad statutes exist but lack detail, and there is little precedent. Proposals for law reform have been made but not implemented. Enforcement has been limited as key sectors have tended toward monopoly or fragmentation rather than oligopoly. Overall, while the possibilities for cartel enforcement in Nigeria are large, the current framework and precedent remain limited.
The International Comparative Legal Guide to Private Client 2016 Matheson Law Firm
Matheson partner John Gill and associate Allison Dey co-authored the Ireland chapter for The International Comparative Legal Guide to Private Client 2016.
The Transfer Pricing Law Review Second Edition: Ireland Matheson Law Firm
The document summarizes Ireland's transfer pricing laws, which were introduced in 2010 through legislation. The laws are set out in Part 35A of Ireland's Taxes Consolidation Act 1997. While arm's length principles existed previously in some contexts, the 2010 laws formalized transfer pricing compliance requirements for transactions between related parties. The laws require documentation of transfer prices and allow the tax authorities to adjust prices if they are not consistent with the arm's length principle. Disputes are handled through negotiations with tax inspectors and potential appeals.
The International Investigations Review Eighth EditionMatheson Law Firm
Partners Karen Reynolds, Claire McLoughlin and Nicola Dunleavy co-author the Ireland chapter for The International Investigations Review Eighth Edition.
International Investigations Review - Ireland chapterCatherine Allen
The document provides an overview of the various authorities that can investigate and prosecute corporations for criminal offenses or regulatory violations in Ireland. It discusses the powers of key agencies like An Garda Síochána (the Irish police force), the Director of Corporate Enforcement, the Director of Public Prosecutions, the Revenue Commissioners, and the Competition Authority to investigate potential wrongdoing and impose penalties. The Director of Corporate Enforcement in particular has broad powers to search premises, demand documents, seize evidence, and appoint inspectors to investigate suspected violations of company law. Prosecution can result in fines, restrictions on individuals acting as directors, or criminal charges brought by the Director of Public Prosecutions.
The Technology_Media and Telecommunications review_KazakhstanAssem Tnalina
This document provides an overview and introduction to the fifth edition of The Technology, Media and Telecommunications Review, which examines the evolving legal landscape in 29 jurisdictions around the world. The review is edited by John P Janka and contains 29 chapters authored by expert contributors from leading law firms in each jurisdiction. The chapters provide summaries of key regulations and recent legal developments in areas such as competition law, spectrum licensing, media ownership rules, data protection, and privacy issues in each country's telecommunications, media and technology sectors.
The document is the sixth edition of The Employment Law Review, edited by Erika C Collins. It provides an overview of employment law in multiple jurisdictions around the world. The review contains individual chapters on the employment law of various countries, written by local expert contributors. It is published by Law Business Research Ltd and covers topics such as diversity, social media, cross-border M&A transactions, and other international employment issues.
Partner Helen Kelly and Senior Associate Ronan Scanlan of the EU, Competition and Regulatory Group co-author the Ireland chapter for Getting the Deal Through: Merger Control 2019.
The International Comparative Legal Guide to: Data Protection 2014Hogan Lovells BSTL
The document provides an overview of data protection laws and regulations in Mexico. It discusses the key Mexican data protection legislation, the Federal Law on Protection of Personal Data held by Private Parties, and the relevant regulatory authority, the Federal Institute for Access to Public Information and Data Protection. Some of the main principles that apply under Mexican data protection law include obtaining consent, ensuring data quality, providing information to individuals, lawful basis for processing, and purpose limitation. Individuals have rights such as access, rectification, cancellation and objection relating to the processing of their personal data. Mexico does not require registration or notification with the data protection authority.
The Cyprus chapter in ICLG Merger Control 2016 covers common issues in merger control laws and regulations – including relevant authorities and legislation, notification and its impact on the transaction timetable, remedies, appeals and enforcement and substantive assessment
The International Comparative Legal Guide to Insurance and Reinsurance 2018Matheson Law Firm
Darren Maher, Head of the Financial Institutions Group at Matheson and a member of the firm's Brexit Advisory Group, discusses Brexit relocations to Ireland in The International Comparative Legal Guide to: Insurance and Reinsurance 2018.
The key points from the document are:
1. Ireland introduced formal transfer pricing legislation in 2010 that requires transactions between related parties to be conducted at arm's length prices.
2. The Irish transfer pricing rules were substantially updated in 2019 to broaden their scope of application.
3. Under the Irish rules, the taxable profits of companies must be computed based on accounting profits, subject to any adjustments required by law, including transfer pricing adjustments. Adjustments may deem transactions at undervalue to be deemed distributions for company law purposes.
Lexology Getting the Deal Through Air Transport 2020Matheson Law Firm
Finance and Capital Markets partners Rory McPhilips and Stuart Kennedy and senior associate, Stephen Gardiner co-author the Ireland chapter of Getting the Deal Through Air Transport 2020.
Corporate M&A partners Brian McCloskey and Fergus Bolster co-author the Ireland chapter of the International Comparative Legal Guide to Mergers and Acquisitions..
Stuart Kennedy, partner, authors The Assumption of Jurisdiction by the Irish Courts in Cases Involving the Registrar of the International chapter of the Cape Town Convention Journal.
Registry
1. Ireland taxes individuals based on their residence and domicile status. Resident and domiciled individuals are taxed on worldwide income and capital gains. Resident but non-domiciled individuals are taxed on Irish-source income and foreign income remitted to Ireland.
2. Ireland has gift, estate, and wealth transfer taxes called Capital Acquisitions Tax (CAT) imposed on beneficiaries. Rates are 33% but certain transfers like between spouses are exempt.
3. Other relevant taxes include income tax, capital gains tax, universal social charge, value-added tax, stamp duties, and a domicile levy for high-earning non-domiciled individuals.
International Comparative Legal Guide to Private Equity 2019Matheson Law Firm
Corporate partner, Brian McCloskey and Tax partner, Aidan Fahy co-author the Ireland chapter of the International Comparative Legal Guide to Private Equity 2019.
Commercial Litigation and Dispute Resolution partner, April McClements and senior associate, Aoife McCluskey co-author the Ireland chapter of the Class Actions Law Review, 3rd Edition.
Commercial Litigation and Dispute Resolution partner, Julie Murphy O'Connor and senior associate, Kevin Gahan co-author the Ireland chapter of the Insolvency Review, 7th Edition.
International Comparative Legal Guide to Business Crime 2020Matheson Law Firm
Commercial Litigation and Dispute Resolution partners Karen Reynolds and Claire McLoughlin co-author the Ireland chapter of the International Comparative Legal Guide to Business Crime.
This document provides information about transfer pricing rules and regulations in Ireland. It discusses the primary Irish transfer pricing legislation, the government agency responsible for enforcement, the role of the OECD Transfer Pricing Guidelines, the types of transactions covered by the rules, and Ireland's adherence to the arm's length principle. It also addresses Ireland's implementation of the OECD's base erosion and profit shifting (BEPS) project and its effects on the applicable transfer pricing rules.
Finance and Capital Market partners Rory McPhillips and Stuart Kennedy and senior associate, Stephen Gardiner co-author the Ireland chapter of GTDT Air Transport 2020.
Getting the Deal Through: Insurance Litigation 2019Matheson Law Firm
Litigation partners, Sharon Daly and April McClements and senior associate, Aoife McCluskey author the Ireland chapter of Getting the Deal Through 2019.
Ireland introduced formal transfer pricing legislation in 2010 that broadly applies the arm's length principle to transactions between related parties, requiring the substitution of an arm's length amount for the actual consideration in computing taxable profits. The legislation applies equally to domestic and international transactions but does not apply to small and medium-sized enterprises. An adjustment to the accounting profits for tax purposes under the transfer pricing rules could also result in a deemed distribution under company law if the transaction was undertaken at an undervalue.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Genocide in International Criminal Law.pptxMasoudZamani13
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersHarpreetSaini48
Discover how Mississauga criminal defence lawyers defend clients facing weapon offence charges with expert legal guidance and courtroom representation.
To know more visit: https://www.saini-law.com/
This document briefly explains the June compliance calendar 2024 with income tax returns, PF, ESI, and important due dates, forms to be filled out, periods, and who should file them?.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
The Privacy, Data Protection and Cybersecurity Law Review, 2nd edition
1. 409
Appendix 2
CONTRIBUTING LAW FIRMS’
CONTACT DETAILS
ADVOKATFIRMAET SIMONSEN
VOGT WIIG AS
Filipstad Brygge 1
PO Box 2043
Vika 0125
Oslo
Norway
Tel: +47 21 95 55 00
Fax: +47 21 95 55 01
tmy@svw.no
ts@svw.no
www.svw.no
ALLENS
101 Collins Street
Melbourne
Victoria 3000
Australia
Tel: +61 3 9613 8839
Fax: +61 3 9614 4661
michael.pattison@allens.com.au
www.allens.com.au
ASTREA
Louizalaan 235
1050 Brussels
Belgium
Tel: +32 2 215 97 58
Fax: +32 2 216 50 91
sds@astrealaw.be
tda@astrealaw.be
www.astrealaw.be
BOGSCH & PARTNERS LAW FIRM
Királyhágó tér 8–9
1126 Budapest
Hungary
Tel: +36 1 318 1945
Fax: +36 1 318 7828
tamas.godolle@bogsch.hu
www.bogsch.hu
The Privacy,
Data Protection
and Cybersecurity
Law Review
Law Business Research
Second Edition
Editor
Alan Charles Raul
2. The Privacy, Data Protection and
Cybersecurity Law Review
The Privacy, Data Protection and Cybersecurity Law Review
Reproduced with permission from Law Business Research Ltd.
This article was first published in The Privacy, Data Protection and
Cybersecurity Law Review - Edition 2
(published in November 2015 – editor Alan Charles Raul)
For further information please email
Nick.Barette@lbresearch.com
5. THE MERGERS AND ACQUISITIONS REVIEW
THE RESTRUCTURING REVIEW
THE PRIVATE COMPETITION ENFORCEMENT REVIEW
THE DISPUTE RESOLUTION REVIEW
THE EMPLOYMENT LAW REVIEW
THE PUBLIC COMPETITION ENFORCEMENT REVIEW
THE BANKING REGULATION REVIEW
THE INTERNATIONAL ARBITRATION REVIEW
THE MERGER CONTROL REVIEW
THE TECHNOLOGY, MEDIA AND
TELECOMMUNICATIONS REVIEW
THE INWARD INVESTMENT AND
INTERNATIONAL TAXATION REVIEW
THE CORPORATE GOVERNANCE REVIEW
THE CORPORATE IMMIGRATION REVIEW
THE INTERNATIONAL INVESTIGATIONS REVIEW
THE PROJECTS AND CONSTRUCTION REVIEW
THE INTERNATIONAL CAPITAL MARKETS REVIEW
THE REAL ESTATE LAW REVIEW
THE PRIVATE EQUITY REVIEW
THE ENERGY REGULATION AND MARKETS REVIEW
THE INTELLECTUAL PROPERTY REVIEW
THE ASSET MANAGEMENT REVIEW
THE PRIVATE WEALTH AND PRIVATE CLIENT REVIEW
THE LAW REVIEWS
6. www.TheLawReviews.co.uk
THE MINING LAW REVIEW
THE EXECUTIVE REMUNERATION REVIEW
THE ANTI-BRIBERY AND ANTI-CORRUPTION REVIEW
THE CARTELS AND LENIENCY REVIEW
THE TAX DISPUTES AND LITIGATION REVIEW
THE LIFE SCIENCES LAW REVIEW
THE INSURANCE AND REINSURANCE LAW REVIEW
THE GOVERNMENT PROCUREMENT REVIEW
THE DOMINANCE AND MONOPOLIES REVIEW
THE AVIATION LAW REVIEW
THE FOREIGN INVESTMENT REGULATION REVIEW
THE ASSET TRACING AND RECOVERY REVIEW
THE INTERNATIONAL INSOLVENCY REVIEW
THE OIL AND GAS LAW REVIEW
THE FRANCHISE LAW REVIEW
THE PRODUCT REGULATION AND LIABILITY REVIEW
THE SHIPPING LAW REVIEW
THE ACQUISITION AND LEVERAGED FINANCE REVIEW
THE PRIVACY, DATA PROTECTION AND CYBERSECURITY LAW REVIEW
THE PUBLIC-PRIVATE PARTNERSHIP LAW REVIEW
THE TRANSPORT FINANCE LAW REVIEW
THE SECURITIES LITIGATION REVIEW
THE LENDING AND SECURED FINANCE REVIEW
THE INTERNATIONAL TRADE LAW REVIEW
7. i
The publisher acknowledges and thanks the following law firms for their learned
assistance throughout the preparation of this book:
ADVOKATFIRMAET SIMONSEN VOGT WIIG AS
ALLENS
ASTREA
BOGSCH & PARTNERS LAW FIRM
CMS CAMERON MCKENNA GRESZTA I SAWICKI SP.K.
DUNAUD CLARENC COMBLES & ASSOCIÉS
ELIG, ATTORNEYS-AT-LAW
JUN HE LAW OFFICES
LEE & KO
MATHESON
MATTOS FILHO, VEIGA FILHO, MARREY JR E QUIROGA ADVOGADOS
NNOVATION LLP
PEARL COHEN ZEDEK LATZER BARATZ
SANTAMARINA Y STETA, SC
SIDLEY AUSTIN LLP
SUBRAMANIAM & ASSOCIATES
URÍA MENÉNDEZ ABOGADOS, SLP
ACKNOWLEDGEMENTS
9. iii
Chapter 1 GLOBAL OVERVIEW������������������������������������������������������������� 1
Alan Charles Raul
Chapter 2 EUROPEAN UNION OVERVIEW����������������������������������������� 5
William RM Long, Géraldine Scali and Alan Charles Raul
Chapter 3 APEC OVERVIEW����������������������������������������������������������������� 24
Catherine Valerio Barrad and Alan Charles Raul
Chapter 4 AUSTRALIA���������������������������������������������������������������������������� 38
Michael Pattison
Chapter 5 BELGIUM������������������������������������������������������������������������������� 52
Steven De Schrijver and Thomas Daenens
Chapter 6 BRAZIL����������������������������������������������������������������������������������� 65
Fabio Ferreira Kujawski and Alan Campos Elias Thomaz
Chapter 7 CANADA�������������������������������������������������������������������������������� 77
Shaun Brown
Chapter 8 CHINA������������������������������������������������������������������������������������ 94
Marissa (Xiao) Dong
Chapter 9 FRANCE������������������������������������������������������������������������������� 106
Merav Griguer
Chapter 10 GERMANY��������������������������������������������������������������������������� 119
Jens-Marwin Koch
CONTENTS
10. iv
Contents
Chapter 11 HONG KONG��������������������������������������������������������������������� 134
Yuet Ming Tham and Jillian Lee
Chapter 12 HUNGARY��������������������������������������������������������������������������� 148
Tamás Gödölle
Chapter 13 INDIA����������������������������������������������������������������������������������� 164
Hari Subramaniam and Aditi Subramaniam
Chapter 14 IRELAND����������������������������������������������������������������������������� 174
John O’Connor
Chapter 15 ISRAEL���������������������������������������������������������������������������������� 190
Haim Ravia and Dotan Hammer
Chapter 16 JAPAN����������������������������������������������������������������������������������� 203
Takahiro Nonaka
Chapter 17 KOREA���������������������������������������������������������������������������������� 220
Kwang Bae Park and Ju Bong Jang
Chapter 18 MEXICO������������������������������������������������������������������������������� 234
César G Cruz-Ayala and Diego Acosta-Chin
Chapter 19 NORWAY������������������������������������������������������������������������������ 249
Tomas Myrbostad and Tor Stokke
Chapter 20 POLAND������������������������������������������������������������������������������ 259
Tomasz Koryzma, Marcin Lewoszewski, Agnieszka Besiekierska
and Adriana Zdanowicz
Chapter 21 PORTUGAL�������������������������������������������������������������������������� 274
Magda Cocco, Inês Antas de Barros and Sofia de Vasconcelos Casimiro
Chapter 22 SINGAPORE������������������������������������������������������������������������ 286
Yuet Ming Tham and Jillian Lee
11. v
Contents
Chapter 23 SPAIN������������������������������������������������������������������������������������ 303
Leticia López-Lapuente and Reyes Bermejo Bosch
Chapter 24 SWITZERLAND������������������������������������������������������������������ 315
Jürg Schneider and Monique Sturny
Chapter 25 TURKEY������������������������������������������������������������������������������� 334
Gönenç Gürkaynak and İlay Yılmaz
Chapter 26 UNITED KINGDOM���������������������������������������������������������� 347
William RM Long and Géraldine Scali
Chapter 27 UNITED STATES���������������������������������������������������������������� 363
Alan Charles Raul, Tasha D Manoranjan and Vivek K Mohan
Appendix 1 ABOUT THE AUTHORS���������������������������������������������������� 395
Appendix 2 CONTRIBUTING LAW FIRMS’ CONTACT DETAILS�� 409
12. 174
Chapter 14
IRELAND
John O’Connor1
I OVERVIEW
The data protection regime in Ireland is governed by the Data Protection Acts 1988 and
2003 (DPA), which transpose European Directive 95/46/EC on data protection (the
Directive) into Irish law. In addition, there are numerous sector-specific regulations in
areas such as employment,2
electronic communications,3
health data4
and genetic data.5
Ireland protects privacy and data protection rights fundamentally at a constitutional level
1 John O’Connor is a partner at Matheson.
2 SI No. 337 of 2014 - Data Protection Act 1988 (Commencement) Order 2014 and
SI No. 338 of 2014 - Data Protection (Amendment) Act 2003 (Commencement) Order
2014. This makes it unlawful for employers to require employees or applicants for
employment to make an access request seeking copies of personal data that is then made
available to the employer or prospective employer. This provision also applies to any person
who engages another person to provide a service.
3 SI No. 336/2011 - European Communities (Electronic Communications Networks and
Services) (Privacy and Electronic Communications) Regulations 2011 (the E-Privacy
Regulations). This deals with specific data protection issues relating to use of electronic
communication devices, and particularly with direct marketing restrictions.
4 SI No. 82/1989 - Data Protection (Access Modification) (Health) Regulations, 1989. This
outlines certain restrictions in the right of access relating to health data.
5 SI No. 687/2007 - Data Protection (Processing of Genetic Data) Regulations 2007. This
outlines restrictions in respect of processing genetic data in relation to employment.
13. Ireland
175
in Articles 40.3.1, 40.3.2 and 40.5 of Bunreacht na hÉireann (the Irish Constitution).6
These rights are balanced against the freedom of expression protected in Article 40.6 and
neither is regarded as absolute.7
Ireland is a signatory to both the 1980 OECD Guidelines on the Protection
of Privacy and Transborder Flows of Personal Data, the Charter of Fundamental
Rights of the European Union and the European Convention on Human Rights and
Fundamental Freedoms.
II THE YEAR IN REVIEW
Ireland’s data protection regime once again took centre stage over the past year with
a number of much-publicised developments. In April, Twitter announced a change to its
terms, bringing all non-US accounts within the ambit of the Irish regulator, the Office of
the Data Protection Commissioner (ODPC). Meanwhile, a reference by the Irish High
Court to the Court of the Justice of the European Union in respect of the transfer of
personal data by Facebook Ireland to the United Statesresulted in the court finding that
the EU-US ‘Safe Harbor’ framework is invalid as it does not ensure adequate protection
for EU citizens’ personal data.8
Another Irish reference in April 2014 resulted in the
Court of Justice finding that the Data Retention Directive9
was invalid,10
and this has
cast doubts on the validity of the Irish implementing legislation.11
The Irish government has also made submissions to the US Court of Appeals in
Microsoft Corporation v. United States of America in which US authorities are seeking to
compel Microsoft to disclose emails located in their Dublin-based data centre as part of
a narcotics investigation. This case is discussed further in Section VI, infra.
In 2014, for the first time, a government minister with a specific brief for data
protection was appointed in Ireland. The year also saw an increase in the activities of
the national regulator, the ODPC, with the near doubling of the office’s budget and
staff headcount. The ODPC’s annual report for 2014 shows an increase in the number
of complaints and breach notifications made to the office, as well as highlighting
prosecutions undertaken.
6 Kennedy v. Ireland [1987] IR 587; Schrems v. Data Protection Commissioner [2014] IEHC 310.
7 Herrity v. Associated Newspapers (Ireland) Limited [2008] IEHC 349; X (an infant) v. Sunday
Newspapers Ltd (trading as ‘The Sunday World’) [2014] IEHC 696.
8 Schrems v. Data Protection Commissioner C-362/14.
9 Directive 2006/24/EC.
10 Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources Ors
(C-293/12).
11 Communications (Retention of Data) Act 2011.
14. Ireland
176
III REGULATORY FRAMEWORK
i Privacy and data protection legislation and standards
As well as conferring rights on individuals, the DPA also place obligations on those who
collect and process personal data. The DPA seek to regulate the collection, processing,
keeping, use and disclosure of personal data that is processed automatically or, in certain
circumstances, manually. The DPA place responsibilities on both data controllers and, to
a lesser extent, on data processors.
The E-Privacy Regulations provide for a number of protections and offences
in relation to electronic communications and, in particular, direct marketing via
electronic means.
The key definitions under the DPA are as follows.
Personal data
‘Personal data’ means data relating to a living individual who is or can be identified either
from the data or from the data in conjunction with other information that is in, or is
likely to come into, the possession of the data controller.
Sensitive personal data
‘Sensitive personal data’ means personal data as to:
a the racial or ethnic origin, the political opinions or the religious or philosophical
beliefs of the data subject;
b whether the data subject is a member of a trade union;
c the physical or mental health or condition or sexual life of the data subject;
d the commission or alleged commission of any offence by the data subject; or
e any proceedings for an offence committed or alleged to have been committed by
the data subject, the disposal of such proceedings or the sentence of any court in
such proceedings.
Processing
‘Processing’, in relation to information or data, means performing any operation or set
of operations on the information or data, whether or not by automatic means, including:
a obtaining, recording or keeping the information or data;
b collecting, organising, storing, altering or adapting the information or data;
c retrieving, consulting or using the information or data;
d disclosing the information or data by transmitting, disseminating or otherwise
making it available; or
e aligning, combining, blocking, erasing or destroying the information or data.
Data controller
‘Data controller’ means a person who, either alone or with others, controls the contents
and use of personal data.
15. Ireland
177
Data Processor
‘Data processor’ means a person who processes personal data on behalf of a data controller
but does not include an employee of a data controller who processes such data in the
course of his or her employment.
Data subject
‘Data subject’ means an individual who is the subject of personal data.
ii General obligations for data handlers
Obligations of data controllers
The general obligations on data controllers are as follows.
Transparency
Data subjects must be provided with information relating to the processing of their data.
This includes:
a the identity of the data controller or their representative or the data processor;
b the purposes for which the data are intended to be processed; and
c any other information that is necessary, having regard to the specific circumstances
in which data are to be processed, including but not limited to details of recipients
or categories of recipients of the personal data and information as to the existence
of the right of access and the right to rectify data.
Lawful basis for processing12
At least one of the following is required to constitute a lawful basis for processing:
a consent of the data subject (specific, freely given, informed);
b the processing is necessary:
• for the performance of a contract to which the data subject is a party;
• to take steps at the request of the data subject prior to entering into a contract;
• for compliance with a legal obligation to which the data controller is subject
rather than an obligation imposed by contract;
• to prevent:
(i) injury or other damage to the health of the data subject; and
(ii) serious loss or damage to property of the data subject, or otherwise to
protect his or her vital interests where the seeking of the consent of the
data subject is likely to result in those interests being damaged;
• for compliance with a legal obligation including:
(i) the administration of justice;
(ii) for the performance of a function conferred on a person by law;
(iii) for the performance of a function of the government or a minister of
the government; and
(iv) for the performance of any other function of a public nature that is
performed in the public interest; and
12 Sensitive personal data must also pass an additional legitimate basis for processing.
16. Ireland
178
• for the purposes of the legitimate interests pursued by the data controller (or
third party to whom the personal data are disclosed).
Purpose limitation
Personal data should only be obtained for one or more specified, explicit and legitimate
purposes and should not be further processed in a manner incompatible with
those purposes.
Proportionality
Personal data collected must be adequate, relevant and not excessive in relation to the
purposes for which they are collected or are further processed.
Retention
Personal data should not be kept for longer than is necessary for the purpose for which
they were obtained. If the purpose for which the information was obtained has ceased
and the personal information is no longer required, the data must be deleted or disposed
of in a secure manner.
Rights of data subjects
The general rights of data subjects are as follows.
Access to data
Data subjects have the right to find out, free of charge, if an organisation or an individual
holds information about them. This includes the right to be given a description of the
information and to be told the purposes for which that information is held. A request
for this information must be made in writing by the data subject and the individual must
receive a reply within 21 days, according to the DPA.
Data subjects have the right to obtain a copy, within 40 days of a request, of any
information that relates to them that is held either on a computer or in a structured
manual filing system, or that is intended for such a system.
A number of exceptions to the right of access exist under the DPA including
legal privilege, research data or data used for the investigation of offences. If a request
would be either disproportionately difficult or impossible to process, the data controller
or processor does not have to fulfil the request.
Correction and deletion
Data subjects have the right to request in writing to have their data either deleted or
corrected where the data are not obtained lawfully or are inaccurate. The data controller
or processor must respond within a reasonable amount of time and no later than 40 days
after the request. There is no express right of a data subject to request the deletion of their
information if it is being processed lawfully.
Objection to processing
Data subjects have the right to object to processing that is likely to cause damage or
distress. This right applies to processing that is necessary for the purposes of legitimate
17. Ireland
179
interests pursued by the data controller to whom the personal data are or will be disclosed
or processing that is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority.
Objection to marketing
Data subjects have the right to, following a request by writing, require the data controller
to cease processing data for that purpose, and where it is only retained for that purpose
they have the right to have it erased. The data controller must do this within 40 days.
Under the E-Privacy Regulations, data subjects have the right to have their
‘opt-out’ preference recorded in the National Directory Database, which constitutes an
objection to direct marketing to them.
Complaint to relevant data protection authorities
Data subjects have a right of complaint to the ODPC in relation to the treatment of their
personal data. The ODPC must investigate such complaints unless it considers them to
be ‘frivolous or vexatious’.
Registration
It is obligatory for the following types of entities to register with the ODPC if they hold
personal data in automated form and have a legal presence in Ireland, or use equipment
located here:
a government bodies or public authorities;
b banks, financial or credit institutions and insurance undertakings;
c data controllers whose business consists wholly or mainly of direct marketing;
d data controllers whose business consists wholly or mainly in providing
credit references;
e data controllers whose business consists wholly or mainly in collecting debts;
f internet access providers, telecommunications networks or service providers;
g data controllers that process genetic data (as specifically defined in Section 41 of
the Disability Act 2005);
h health professionals processing personal data related to mental or physical
health; and
i data processors that process personal data on behalf of a data controller, in any of
the categories listed above.
Exemptions
Generally, all data controllers and processors must register unless an exemption applies,
either under Section 16(1)(a) or (b) of the DPA or under SI No. 657 of 2007. Under
Section 16(1)(a) or (b) the following are excluded from registration:
a organisations that only carry out processing to keep, in accordance with law,
a register that is intended to provide information to the public;
b organisations that only process manual data (unless the personal data had been
prescribed by the ODPC as requiring registration); and
c organisationsthatarenotestablishedorconductedforprofitandthatareprocessing
personal data related to their members and supporters and their activities.
18. Ireland
180
Additionally, pursuant to SI No. 657 of 2007 the Irish Minister for Justice and Equality
has specified that the following data controllers and data processors are not required to
register (provided they do not fall within any of the categories in respect of which no
exemption may be claimed):
a data controllers that only process employee data in the ordinary course of
personnel administration and where the personal data is not processed other than
where it is necessary to carry out such processing;
b solicitors and barristers;
c candidates for political office and elected representatives;
d schools, colleges, universities and similar educational institutions;
e normal commercial activity that by definition requires the processing of personal
data; for example, keeping details of customers and suppliers (this exemption does
not include health professionals who process personal data relating to physical or
mental health);
f companies that process personal data relating to past or existing shareholders,
directors or other officers of a company for the purpose of compliance with the
Companies Act;
g data controllers that process personal data with a view to the publication of
journalistic, literary or artistic material; and
h data controllers or data processors that operate under an approved data protection
code of practice.
If an exemption does apply, however, it is limited only to the extent to which personal
data are processed within the scope of that exemption.
The ODPC is obliged not to accept an application for registration from a data
controller that keeps ‘sensitive personal data’ unless the ODPC is of the opinion that
appropriate safeguards for the protection of the privacy of the data subjects concerned
are being, and will continue to be, provided by the controller.
Where the ODPC refuses an application for registration, it must notify the
applicant in writing and specify the reasons for the refusal. An appeal against such
a decision can be made to the Circuit Court.
iii Technological innovation and privacy law
Cloud computing
The ODPC has issued guidance on issues that arise from processing data in the cloud.
The data controller must be satisfied that the cloud service provider will only process the
data in accordance with the data controller’s instructions. The data controller must also be
satisfied that appropriate security measures have been taken by the cloud provider. These
measures should cover continued access to the data by the data controller, prevention of
unauthorised access to the data, adequate oversight of any subprocessors, procedures in
the event of a data breach and the right to remove or transfer data. The data controller’s
obligations in this respect can be satisfied by a detailed technical analysis incorporating
an audit of the cloud provider or by third-party certification of the cloud provider to
approved international standards.
19. Ireland
181
A data controller must also assess the location of the data and must ensure that
personal data is not transferred outside the European Economic Area (EEA) except to an
EU-approved country or pursuant to EU Model Contract Clauses or binding corporate
rules (BCRs).
Finally, the data controller must ensure that a written contract is in place with the
cloud provider.
Biometrics
The ODPC has published guidance on the use of biometric data both in the workplace
and in schools, colleges and other educational institutions. The key issue in relation to
biometric data is proportionality. The data controller must assess whether the biometric
system is necessary and if there are less invasive alternatives available. Proportionality
will depend on a number of factors including the nature of the workplace or
educational institution, the intended purpose of the system, efficiency and reliability.
In the employment context, the ODPC’s stated position is that consent is not generally
satisfactory as it can be argued that it is not freely given in view of the typically
imbalanced nature of the employer-employee relationship. Employers should seek to
rely on ‘legitimate interest’ grounds for processing biometric data but must ensure the
right balance is struck between their interests and the employees’ rights. In the context
of educational institutions, the ODPC recommends that consent is the only way of
legitimising the processing of personal data. A clear and unambiguous right to opt out of
the biometric system must be given. It is important that data subjects are made aware of
the purpose of processing the biometric data.
The ODPC also highlights the importance of security in relation to biometric
data, taking into account, in particular, the state of technological development, the cost of
implementing the security measures, the nature of the data being protected and the harm
that might result through the unlawful processing of the data. The ODPC recommends
that the personal data is deleted as soon as the employee or student permanently leaves.
The ODPC guidance recommends that employers and educational institutions
conduct a privacy impact assessment prior to implementing a biometric system. This
should take into account the need for such a system, the type of system required, the
effect on data subjects and any less invasive options available.
iv Specific regulatory areas
Health data
The Data Protection (Access Modification) (Health) Regulations, 1989 provide that
health data shall not be supplied to data subjects unless a health professional is first
consulted and access to the data is not likely to cause serious harm to the mental or
physical health of the data subject.
The ODPC has published guidance in the area of research in the health sector.
The ODPC is of the opinion that anonymising of patient data is the optimal position for
health research. Where this is not possible, or access to patient identifiable information is
required, health research should be conducted on the basis of informed and freely given
explicit consent.
20. Ireland
182
The Health Identifiers Act 2014 was enacted in July 2014 but has not yet been
commenced. This establishes a unique health identifier for each patient and provides that
this shall be personal data for the purposes of the DPA. Certain offences are specified for
accessing or processing health identifiers other than in accordance with the Act.
Electronic communications marketing
Under the E-Privacy Regulations, using publicly available communications services to
make any unsolicited calls or send unsolicited emails for the purpose of direct marketing,
is restricted.
Direct marketing by fax
A fax may not be used for direct marketing purposes with an individual who is not
a customer, unless the individual in question has previously consented to receiving
marketing communications by fax.
Direct marketing by phone
In summary, to contact an individual by phone for the purposes of direct marketing the
individual must have given his or her consent to receiving direct marketing calls (or to
the receipt of communications to his or her mobile phone as the case may be). In certain
cases it will be necessary to consult the National Directory Database prior to placing calls
for marketing purposes.
Direct marketing by email or text message
To validly use these methods to market directly to an individual, the individual
concerned must have consented to the receipt of direct marketing communications via
these methods.
The legislation provides for an exception whereby an existing customer may be
taken to have consented on what is known as a ‘soft opt-in’ basis provided that certain
requirements are met and that the service or product that is being marketed is either the
same or very similar to the product previously sold to that person.
IV INTERNATIONAL DATA TRANSFER
Personal data may not be transferred outside the EEA unless one of the following applies:
a the transfer is authorised by law;
b consent to the transfer is given by the data subject;
c the transfer is necessary for the performance of a contract to which the data
subject is party;
d the transfer is necessary to conclude a contract with someone other than the data
subject, where it is in their interests;
e the transfer is necessary for reasons of substantial public interest;
f the transfer is necessary for obtaining legal advice for legal proceedings;
g the transfer is necessary to prevent injury or damage to the data subject;
21. Ireland
183
h the personal data to be transferred are an extract from a statutory public register
established by law for public consultation; or
i the transfer is done through one of the mechanisms described in paragraphs (a),
(b) or (c) below.
Even where one of the above elements exists, the ODPC retains the power to prohibit
the transfer of personal data abroad to any country inside or outside the EEA.
In addition to the methods outlined above, the three methods by which Irish-based
businesses typically transfer personal data outside the EEA are as follows:
a Use of EU Model Contract Clauses between the data controller and the person
or organisation to whom they intend to pass the information to abroad. These are
contractual clauses approved by the EU Commission that assure an adequate level
of protection for the personal data. They do not usually require the approval of
the ODPC; however, it can approve transfers based on contractual clauses that do
not directly conform to the EU Model Contract Clauses.
b Transfer to a country that is on the EU Commission ‘adequate standard of
protection’ list, or US organisations that have agreed to be bound by the rules
of the Safe Harbor agreement (essentially a streamlined version of EU data
protection law).13
c A further method that is rarely used is the use of BCRs, whereby personal data
can be transferred to other companies within a group and based abroad, as long
as certain legally enforceable rules exist within the group whereby they must give
the data an adequate level of protection. It is rarely used because of the expense
and difficulty involved in having these rules approved by the ODPC. At the time
of writing, only one company within Ireland has implemented BCRs, as the
necessary approvals are very time-consuming to obtain. This took almost a year of
engagement with the ODPC.
V COMPANY POLICIES AND PRACTICES
While the DPA do not provide specifically for the appointment of a data protection
officer, when registering with the ODPC, both data controllers and data processors
must give details of a ‘compliance person’ who will supervise the application of the DPA
within the organisation in relation to personal data that is collected.
Operators of websites are required to have privacy statements in place. This is
required by both the DPA, which require data controllers to supply certain information
to data subjects, and the E-Privacy Regulations, which require certain information to be
supplied when information is stored or retrieved from a person’s terminal equipment,
including the use of cookies. The privacy policy must contain the identity of the data
13 Although the Safe Harbor scheme is no longer a reliable basis to legitimise data transfers,
the European Commission and the US Department of Commerce are negotiating a revised
framework that, when implemented, will constitute a legitimate basis for transfers of data to
US companies that are bound by the agreement.
22. Ireland
184
controller, the purpose for which personal data will be processed and the parties to
whom the data will be disclosed. Data subjects must also be informed of their rights of
access, rectification and erasure under the DPA. The ODPC also recommends including
information such as the retention period and complaint resolution mechanism. The
ODPC recommends placing a link to the privacy statement in a reasonably obvious
position on each page of the website.
Although not strictly required, it is recommended that data controllers
implement a security policy. The ODPC recommends that this include data collection
and retention, access control, including a ‘movers, leavers and joiners’ policy and an
incident response plan.
VI DISCOVERY AND DISCLOSURE
Where data are sought for use in civil proceedings in a foreign country, Irish companies
may be compelled under a subpoena from an Irish court to provide them. This happens
frequently between EU countries, but it is also possible for a request from outside the
EU to succeed.
In relation to requests from foreign law enforcement agencies, there is a legal
framework in place that allows for the law enforcement agencies of foreign signatories
of certain Hague Conventions to seek the disclosure of data held by Irish companies by
the Irish police, who then issue a warrant for it. Where the request is made by the law
enforcement agencies of countries that are not signatories, this is determined by the
Department of Justice and Equality on a case-by-case basis. Generally where proper
undertakings are given by the agency making the request, it will be granted, and Irish
companies will be compelled to disclose the data.
Part 3 of the Criminal Justice (Mutual Assistance) Act 2008 (the Criminal Justice
Act), provides for various forms of mutual legal assistance to foreign law enforcement
authorities. Part 3 relates to requests for mutual assistance between Ireland and other EU
Member States for cooperation in the policing of telecommunications messages for the
purposes of criminal investigations. The Minister for Justice can also now request that
tapping of communications be undertaken in an EU Member State for an Irish-based
criminal investigation, and Part 3 also outlines how requests from other EU countries to
Ireland for such interceptions should be processed.
The ODPC has not, as yet, issued official guidance in relation to foreign
e-discovery requests, or requests for disclosure from foreign law enforcement agencies;
however, the Minister of State has expressed the view that the Irish government has
‘serious concerns’ about the implications for Ireland and the EU arising from the US
court decision in the Microsoft case referred to in Section II, supra. The Minister of
State suggested that compliance with the US-issued warrant in question may result in
Microsoft, and any other US companies with operations in the EU that are served with
such warrants in the future, being in breach of the DPA and the EU Data Protection
Directive, stating that ‘[t]his would create significant legal uncertainty for Irish and EU
consumers and companies regarding the protection of their data which, in this digital
23. Ireland
185
age, is everyone’s most valuable asset’. The Irish government has instead advocated the
use of the existing mutual legal assistance treaty, which provides for assistance in legal
cases or law enforcement investigations.
VII PUBLIC AND PRIVATE ENFORCEMENT
i Enforcement agencies
The DPA confer specific rights on the ODPC and explicitly state that the ODPC shall
be the supervisory authority in Ireland for the purpose of the Directive. The ODPC is
responsible for ensuring that individuals’ data protection rights are respected, and that
those who are in control of, or who process, personal data carry out their responsibilities
under the DPA.
Powers of the ODPC
Investigations
The ODPC must investigate any complaints that it receives from individuals in relation to
the treatment of their personal data unless it considers them to be ‘frivolous or vexatious’.
The ODPC may also carry out investigations of its own accord. In practice, these usually
take the form of scheduled privacy audits. However, it should be noted that the ODPC
is not prevented from conducting ‘dawn raid’ types of audit, if it decides to do so.
Power to obtain information
The ODPC has the power to require any person to provide it with whatever information
it needs to carry out its functions. In carrying out this power in practice, the ODPC
usually issues the person with an ‘information notice’ in writing. It is an offence to fail to
comply with such an information notice (without reasonable excuse), although there is
a right to appeal any requirement specified in an information notice to the Circuit Court.
Power to enforce compliance with the Acts
The ODPC may require a data controller or data processor to take whatever steps
it considers appropriate to comply with the terms of the DPA. In practice, this may
involve blocking personal data from use for certain purposes, or erasing, correcting
or supplementing the personal data. This power is exercised by the ODPC issuing an
‘enforcement notice’.
Power to prohibit overseas transfer of personal data
Under Section 11 of the DPA, the ODPC may prohibit the transfer of personal data
from Ireland to an area outside the EEA. In exercising this power, the ODPC must have
regard to the need to facilitate international transfers of information.
The powers of ‘authorised officers’
The ODPC has the power to nominate an ‘authorised officer’ to enter and examine the
premises of a data controller or data processor, to enable the ODPC to carry out its
functions. An authorised officer has a number of powers, such as the power to enter the
24. Ireland
186
premises and inspect any data equipment there; to require the data controller or data
processor to assist him or her in obtaining access to personal data; and to inspect and
copy any information.
Enforcement
The ODPC may bring summary legal proceedings for an offence under the DPA.
However, in contrast to the position in certain other jurisdictions, such as the United
Kingdom, the ODPC does not have the power to impose fixed monetary penalties.
Sanctions
While most of the penalties for offences under the DPA are civil in nature, breaches
of data protection can also lead to criminal penalties. Summary legal proceedings for
an offence under the DPA may be brought and prosecuted by the ODPC. Under the
DPA, the maximum fine on summary conviction of such an offence is set at €3,000.
On conviction on indictment (such a conviction in Ireland is usually reserved for more
serious crime), the maximum penalty is a fine of €100,000.
The E-Privacy Regulations specify the sanctions for breaches of electronic
marketing restrictions, which on summary conviction are a fine of up to €5,000 (per
communication), or in conviction on indictment, fines up to a maximum ranging from
€50,000 for a natural person to €250,000 for a body corporate.
The ODPC exercises its powers of enforcement on a regular basis. The ODPC has
conducted investigations recently, obtained information and conducted inspections of
many organisations. During the course of 2014, 38 audits and inspections were carried
out and nine entities were prosecuted for a total of 162 offences.
ii Recent enforcement cases
Private investigators
In 2014 a number of private investigators acting on behalf of credit unions were
prosecuted for unlawfully accessing personal data held by government agencies. Fines of
€2,500 were imposed in one case and fines of €1,500 were imposed on the directors of
the company involved in another case.
Marketing offences
A number of companies were prosecuted in 2014 for sending direct marketing
communications despite the customer having opted out of such communications or
being listed on the National Directory Database opt-out register. Fines ranging from
€75 to €1,500 were imposed.
Adobe breach
In October 2013, the computer systems of Adobe Systems Software Ireland Ltd were
hacked and the personal data relating to 3.65 million payment cards, 41 million active
users and 71 million non-active users was compromised. The ODPC engaged in
a coordinated investigation with its Canadian and Australian counterparts. Adobe was
25. Ireland
187
found to be in breach of the requirement to have appropriate security measures in place,
but the ODPC was satisfied with subsequent improvements and Adobe’s quick reaction
to the attack.
iii Private litigation
The DPA provide a statutory duty of care on the part of data controllers and processors
in favour of data subjects. Thus, an individual can sue under the law of torts for a breach
of any obligations under the DPA. The High Court has held that it is necessary for a data
subject to show harm has resulted from a breach before any right to compensation will
arise under this section.14
VIII CONSIDERATIONS FOR FOREIGN ORGANISATIONS
The DPA apply to data controllers in respect of the processing of personal data only if:
a the data controller is established in Ireland, and the data are processed in the
context of that establishment; or
b the data controller is established neither in Ireland nor in any other state that
is a contracting party to the EEA Agreement, but makes use of equipment in
Ireland for processing the data otherwise than for the purpose of transit through
the territory of Ireland. Such a data controller must, without prejudice to any
legal proceedings that could be commenced against the data controller, designate
a representative established in Ireland.
Each of the following shall be treated as established in Ireland:
a an individual who is normally resident in Ireland;
b a body incorporated under the laws of Ireland;
c a partnership or other unincorporated association formed under the laws of
Ireland; and
d a person who does not fall within any of the above but who maintains in Ireland:
• an office, branch or agency through which he or she carries on any activity; or
• a regular practice.
IX CYBERSECURITY AND DATA BREACHES
The ODPC has published the Personal Data Security Breach Code of Practice (the Code),
which contains specific data security breach guidelines. This Code is non-binding in
nature and does not apply to providers of publicly available electronic communications
services in public communications networks in Ireland, which are subject to a mandatory
reporting obligation under the E-Privacy Regulations.
The following guidelines are provided for in the Code:
a when a data breach occurs the data controller should immediately consider
whether to inform those who will be or have been impacted by the breach;
14 Collins v. FBD Insurance plc [2013] IEHC 137.
26. Ireland
188
b if a breach is caused by a data processor, he or she should report it to the data
controller as soon as he or she becomes aware of it;
c if the personal data was protected by technological measures (such as encryption)
to such an extent that it would be unintelligible to any person who is not
authorised to access it, then the data controller may decide that there is no risk to
the personal data (and so no notification to the data subject is necessary);
d any incident that has put personal data at risk should be reported to the ODPC as
soon as the data controller becomes aware of it. There are some limited exceptions
to this provided for in the Code; for example, this is not required where:
• it affects fewer than 100 data subjects;
• the full facts of the incident have been reported without delay to those
affected; and
• the breach does not involve sensitive personal data or personal data of
a financial nature; and
e if the data controller is unclear about whether to report the incident or not, the
Code advises that the incident should be reported to the ODPC. The Code advises
that the controller should make contact with the ODPC within two working days
of the incident occurring.
Once the ODPC is made aware of the circumstances surrounding a breach or a possible
breach, it will decide whether a detailed report or an investigation (or both) is required.
As regards cybersecurity, the Irish government is in the process of implementing
the National Cyber Security Strategy 2015–2017, which established the National Cyber
Security Centre (NCSC) within the Department of Communications, Energy and
Natural Resources, and which outlines the government’s plan to address the risks posed
by cybercrime to the digital economy and society. The objectives include:
a improving the resilience and robustness of critical information infrastructure in
crucial economic sectors;
b engaging with international partners to ensure that cyberspace remains open,
secure, unitary and free;
c raising awareness of the responsibilities of businesses and individuals;
d ensuring that Ireland has a comprehensive and flexible legal and regulatory
framework in place to combat cybercrime; and
e building capacity to engage in the emergency management of cyber incidents.
The NCSC (defined above) aims to build on the work of the Computer Security Incident
Response Team (CSIRT-IE), which was established in 2011. The NCSC also intends to
introduce legislation to transpose the proposed EU Network and Information Security
Directive, the Budapest Convention on Cybercrime and Directive 2013/40/EU on
attacks against information systems.
Earlier this year the Central Bank of Ireland, the regulator for financial institutions,
commenced a programme of themed inspections of institutions that included assessment
of cybersecurity and operational risk.
27. Ireland
189
X OUTLOOK
The proposed ‘one-stop shop’ single supervisory authority under the new EU Data
Protection Regulation will result in many multinational companies that have their main
EU establishment in Ireland being subject exclusively to the ODPC in respect of EU
data protection rules.
In its most recent annual report, the ODPC lists its priorities going forward as
including the expansion of its capacity and capability. This is echoed in the near doubling
of the ODPC’s budget and staff headcount this year. The ODPC also intends to ensure
better compliance with the DPA in the public sector and to improve cooperation with
its EU counterparts.
28. 395
Appendix 1
ABOUT THE AUTHORS
JOHN O’CONNOR
Matheson
John O’Connor is a partner and head of the technology and commercial contracts
group and co-head of the cross-departmental data protection and outsourcing groups at
Matheson. He is a highly experienced lawyer with considerable experience of advising
both suppliers and users in relation to technology and outsourcing transactions, data
protection compliance projects and commercial agreements.
On the technology side of John’s practice, he advises his clients in relation to
systems integration arrangements, BPO and IT outsourcing and services (including
SAAS and other cloud arrangements), licensing and reseller arrangements, data
protection, intellectual property and e-commerce. On the commercial contracts side of
John’s practice, he typically advises in relation to manufacturing, agency, distribution,
franchising and partnering agreements.
John was recently formally appointed a member of the Irish Government Data
Forum, which was established in 2015 by the Irish Minister of State with responsibility
for European Affairs and Data Protection. The Forum brings together industry, academic
and legal experts to discuss data protection and digital technology and to assist with
formulating related Irish government policy.
John is a frequent public speaker and in the past 12 months has presented at
seminars in Ireland and the United States in relation to data protection, outsourcing
and cloud services. He has been published in legal and business journals in the United
Kingdom, the United States and Ireland.
Prior to joining Matheson, John worked at a leading City of London firm, where
he worked on several market-leading outsourcing and technology arrangements.
John is chair of the Irish branch of the Society for Computers and Law, and is
a member of the InternationalTechnology Law Association, the International Association
29. About the Authors
396
of Privacy Professionals, the UK National Outsourcing Association, the technology law
committee of the International Bar Association, and the technology law committee of
the Law Society of Ireland.
MATHESON
70 Sir John Rogerson’s Quay
Dublin 2
Ireland
Tel: +353 1 232 2150
Fax: +353 1 232 3333
john.oconnor@matheson.com
www.matheson.com