Here are the 8 rules from the Data Protection Agency
The person who the data describes has the right to
If a subject makes an access request then the are 40 calendar days from receiving it to respond.
The DPA specifies conditions that must be met when processing personal data, the lists below are not exhaustive..When processing Personal Data one of the following conditions must be met:
Special data that requires explicit consent
Never list criminal offences/records
When processing this Sensitive Personal Data not only must one of the above apply, but there are additional conditions, at least one of which must be met:
Databases need to be registered annually. The following implies that not-for-profit membership records are exempt from registration, but still have to follow the laws.
Data protection Agency self test quiz says this:
"If your organisation was established for not-for-profit making purposes and does not make a profit. Also answer ‘yes’ if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must: only process information
necessary to establish or maintain membership or support;
only process information necessary to provide or administer activities for people who are
members of the organisation or have regular contact with it;
only share the information with people and organisations necessary to carry out the organisation’s activities. Important - if individuals give you permission to share their information, this is OK (you can still answer ‘yes’); and
only keep the information while the individual is a member or supporter or as long as necessary for member/supporter administration."
If you can identify a living individual from the data, then any data related to that person, is personal data.
The detailed rules are: