Department of Health (Register of Users)

Updated: May 2019

Yes

(i) Under S.I. No. 273/2011, Returns of Payments (Government Departments and Other Bodies) Regulations 2011, the Department makes required returns of payments to the Revenue Commissioners. These electronic returns include the “tax reference number” of each payee. In some cases the “tax reference number” may be an individual's PPSN. PAYE returns.

The Department's payroll is processed primarily through the Payroll Shared Services Centre (PSSC).

(ii) The Payroll Unit stores details of each employee's PPSNs, routinely the Department will receive and supply details to/from other Departments which identify staff by PPSN as well as other personal details.

(ii) The Department receives PPSN details from TD's on behalf of constituents in relation to Parliamentary Questions and Representations which are forwarded on to HSE for direct response. These PPSNs not used by the Department of Health.

(iii) In the management of HR functions, the Department receives reports from the Department of Public Expenditure and Reform in relation to our staffing numbers and they are sorted by PPSN/names. The information for these reports is taken from the Department's Human Resources Management System (HRMS), a system which is used by all Civil Service Departments and managed on their behalf by the National Shared Services Office (NSSO). Records on this system use the PPSN as an identifier.

The Department is required to cross reference reports from DPER with a list from Corepay (our Accounts payroll system) to ensure numbers are accurate.

We also use PPSNs when contacting other Civil Service Departments' HR Units when staff are transferring and when dealing with staff queries through the HR Shared Services, NSSO.

The Revenue Commissioners, the purposes of the exchanges are as set out at 2 (i) above.

Other Government Departments and Agencies, as set out in 2(ii), and 2(iii) above.

No

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR.

These principles are summarised as follows:

• process it lawfully, fairly, and in a transparent manner
• collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes
• ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed
• keep it accurate and up-to-date and erase or rectify any inaccurate data without delay
• where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary
• keep it secure by using appropriate technical and/or organisational security measures
• be able to demonstrate your compliance with the above principles
• respond to requests by individuals seeking to exercise their data protection rights (for example the right of access)

Yes

There are measures in place to ensure that the PPSN data is secure and is processed and accessible only for the stated purposes. The Department of Health is committed to protecting personal data and individuals’ rights and privacy afforded by the General Data Protection Regulation (‘the GDPR’) and the Data Protection Acts 1988 to 2018.