A notice about cookies

This website uses cookies. Some cookies may have been set already. To find out more about our use of cookies you can visit our Privacy policy. By browsing this website, you agree to our use of cookies.


This is a prototype - your feedback will help us to improve it.

Organisation Information

Data Protection

Published: 27 November 2018
From: Department of Rural and Community Development

General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and replaced previous data protection laws in the European Union.

The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations.

Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

GDPR is based on the core principles of data protection which existed under previous law. These principles require organisations and businesses to:

  • collect no more data than is necessary from an individual for the purpose for which it will be used
  • obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
  • retain the data for no longer than is necessary for that specified purpose
  • keep data safe and secure
  • provide an individual with a copy of his or her personal data if they request it

How we use personal data

The Department of Rural and Community Development is committed to protecting and respecting your privacy and employs appropriate technical and organisational measures to protect your information from unauthorised access.

The department needs to process certain personal data in order to carry out tasks required in the course of the performance of our functions and to comply with certain legal obligations to which the department is subject.

Examples of this include processing related to our role as an employer or in relation to appointments to boards; processing data in order to make payments or carry out audits; processing submissions from public consultations; processing contact details in the course of communicating with a wide range of the department’s stakeholders; processing formal requests for information or general queries from customers; processing connected to public procurement and contractual agreements with service providers, processing in relation to applications to programmes run by the department, etc.

Personal data will only be exchanged with other departments, agencies or public bodies in certain circumstances where this is provided for by law.

Personal data will only be retained by the department for the period necessary for the purposes for which the data was collected and processed, or where subject to statutory requirements. Personal data no longer required will be destroyed or deleted in a secure manner.

The department’s Data Protection Policy contains further details on how we deal with personal data and your rights as a data subject.

How to make a GDPR request

If you wish to obtain details about personal data that this department may be processing relating to you then please download the Subject Access Request form by clicking on the link below.

Subject Access Request Form

Please return the completed form, either by post or email to:

Data Protection Officer
Address: Data Protections Unit, Trinity Point , Leinster Street South , Dublin 2, D02 EF85
Phone: 0761064900
Email: dataprotectionunit@drcd.gov.ie

Information that can be obtained with a GDPR request

Under the GDPR individuals have the significantly strengthened rights to:

  • obtain details about how their data is processed by an organisation or business
  • obtain copies of personal data that an organisation holds on them
  • have incorrect or incomplete data corrected
  • have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
  • obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
  • object to the processing of their data by an organisation in certain circumstances
  • not to be subject to (with some exceptions) automated decision making, including profiling

Request process

You will receive an acknowledgement letter from us once we have verified that your Subject Access Request form is fully completed and when we have also verified your identity based on the documentation you provide.

We will reply to requests within a calendar month but we do reserve the right to extend that deadline by up to two months if the request is complex or if we are processing numerous requests at that time. In such cases we will notify you of the requirement to extend the deadline within a month of receiving the request and we will provide a reason for the delay.

Cost of making a GDPR request

If the Subject Access Request is either unfounded, excessive or repetitive the department will charge for dealing with the request by levying a fee to take into account the administrative costs of providing the information. In all other cases the service is free of charge.

More comprehensive information on GDPR can be found on the Data Protection Commissioner's website.