Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Ireland: DPC issues reprimand to PHECC for DPO and cooperation failures
The Data Protection Commission ('DPC') published, on 25 May 2022, Decision No. IN-22-2-1, as issued on 3 May 2022, in which it issued the Pre-Hospital Emergency Care Council ('PHECC') with a reprimand for the violations of Articles 31, 37(1), and 37(7) of the General Data Protection Regulation (Regulation (EU) 2016/679), following an inquiry by the DPC.
Background to the decision
In particular, the decision notes that the inquiry commenced to establish whether the PHECC was required to designate a data protection officer ('DPO') pursuant to Article 37(1) of the GDPR, and whether the PHECC had done so. In addition, the decision provides that the inquiry sought to establish whether the PHECC infringed Article 37(7) of the GDPR concerning the publication of the DPO's contact details and the communication of such details to the DPC. Furthermore, the decision highlights that the Inquiry further intended to establish whether the PHECC infringed Article 31 of the GDPR by failing to cooperate, on request, with the DPC in the performance of its tasks.
Findings of the DPC
In its findings, the DPC found that the PHECC had infringed the following provisions of the GDPR:
- Article 37(1), by failing to designate a DPO for the organisation;
- Article 37(7), by failing to publish the contact details of a DPO and communicate these details to the DPC; and
- Article 31, by failing to cooperate with the DPC in the performance of its tasks, regarding the monitoring and enforcement of the application of Article 37 of the GDPR, following the DPC's requests initiated on 14 September 2020 and concluded on 5 November 2021.
In addition, the decision confirms that the PHECC's failure to cooperate with the DPC was without intent, highlighting, however, that data controllers should not fail to cooperate, in any way, with repeated efforts to monitor and enforce the GDPR.
Outcomes
In conclusion, the DPC deemed appropriate to issue the PHECC with a reprimand in respect of the infringements of Articles 31, 37(1), and 37(7) of the GDPR.
You can read the decision here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
