Definitions are key to understanding the Data Protection Acts. These definitions are broad, making their application quite subjective. Definitions are fully discussed in Chapter 8 of Privacy and Data protection Law in Ireland.
Data is defined as “automated data and manual data” This essentially means any data that is processed by a computer. Although the Data Protection Acts do not say so, the Data Protection Directive makes clear that this includes “audio-visual” data. And data that is held in certain types of “manual filing systems” can also fall within this definition.
Personal data is defined as “data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller” To fall within this definition it is sufficient that data can be related back to you when combined with other data to which the controller has, or may have, access.
Data controller means the person who “controls” how data is processed, the Data Protection Acts define controller as: “…a person who, either alone or with others, controls the contents and use of personal data”
The Data Protection Acts define a processor as a person (such as a contractor or service provider, but not an employee) who processes personal data on behalf of the data controller.
Data processing is very broadly defined as “performing any operation or set of operations on the information or data, whether or not by automatic means”. This includes the following processing operations
(a) “obtaining, recording or keeping the information or data,
(b) “collecting, organising, storing, altering or adapting the information or data,
(c) “retrieving, consulting or using the information or data,
(d) “disclosing the information or data by transmitting, disseminating or otherwise making it available, or
(e) “aligning, combining, blocking, erasing or destroying the information or data”.