Mr. Seamus Carroll:

Our current data protection law - the 1998 and 2003 Acts - covers all data processing operations. The rights are conferred on data subjects and the obligations are imposed on data controllers and data processors. I accept the Deputy's point about it being impenetrable because we are even using a different language of "data subject" instead of "individual" and "data controller" instead of "public body", so it has a vocabulary of its own which does not make it any easier to understand.

What the regulation does and what this legislation will do in transposing the directive is raise the standards of data protection to increase the rights of individuals and extend the obligations on those who process personal data. The regulation and the directive provide for a more detailed application of rules with a view to achieving greater harmonisation across the European Union. The current data protection directive dating from 1995 has 30 articles. The GDPR has 90, while the new directive has 60. That is a rough indication of the increased complexity.

When it comes to scope, individuals will be exempt to the extent that the so-called household exemption will apply. Where individuals are processing data for personal or household purposes, data protection law does not apply. Other than that, the scope will be similar to that of the current-----