Criminal Justice (Forensic Evidence and DNA Database System) Act 2014
|
Recording of supply and receipt of data for requests pursuant to Article 7 of 2008 Council Decision or that Article as applied by 2009 Agreement with Iceland and Norway | ||
|
| ||
135. The Act of 2008 is amended by the insertion of the following section after section 79B (inserted by section 134 ): | ||
“79C. (1) The Central Authority shall record, in accordance with subsection (2), the supply and receipt of data— | ||
(a) in the case of requests under section 77, and | ||
(b) in the case of requests referred to in section 78, | ||
that are made pursuant to Article 7 of the 2008 Council Decision or that Article insofar as it is applied by Article 1 of the 2009 Agreement with Iceland and Norway. | ||
(2) The recording of the supply and receipt of data under subsection (1)shall be in a permanent legible form or be capable of being converted into a permanent legible form and shall include the following particulars in relation to the data: | ||
(a) a description of the data supplied or received; | ||
(b) the reason for the request concerned; | ||
(c) the date the data were supplied or received; | ||
(d) the name or reference code of the Central Authority and the name or reference code of the appropriate authority within the meaning of section 77 concerned or of the authority which supplied or received the data, as the case may be. | ||
(3) Records created under this section may be used only for the purposes of monitoring data protection and ensuring data security. | ||
(4) The Central Authority shall— | ||
(a) retain the records created under this section for a period of 2 years from the time of their creation, and | ||
(b) immediately after that period, destroy those records. | ||
(5) Whenever requested to do so by the Data Protection Commissioner, the Central Authority shall furnish the records created under this section to the Data Protection Commissioner as soon as practicable, but in any event not later than 4 weeks, after the receipt of a request to do so. | ||
(6) The Central Authority shall— | ||
(a) using the records created under this section, carry out random checks on the lawfulness of the supply and receipt of data, | ||
(b) retain the results of those random checks for a period of 18 months from the time that they were carried out for the purposes of inspection by the Data Protection Commissioner, and | ||
(c) immediately after that period, destroy those results. | ||
(7) A data controller who supplies or receives data— | ||
(a) in the case of requests under section 77, or | ||
(b) in the case of requests referred to in section 78, | ||
that are made pursuant to Article 7 of the 2008 Council Decision, or that Article insofar as it is applied by Article 1 of the 2009 Agreement with Iceland and Norway, shall furnish such of the particulars specified in subsection (2) in relation to those data as the data controller has, as soon as reasonably practicable, to the Central Authority for the purposes of enabling the Central Authority to comply with this section. | ||
(8) In this section ‘reference code’, in relation to the Central Authority or other authority, means the reference code that is assigned to the Central Authority or that other authority, as the case may be, for the purposes of the 2008 Council Decision or the 2009 Agreement with Iceland and Norway.”. |