The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and replaced previous data protection laws in the European Union.
The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
GDPR is based on the core principles of data protection which existed under previous law. These principles require organisations and businesses to:
The Department of Rural and Community Development is committed to protecting and respecting your privacy and employs appropriate technical and organisational measures to protect your information from unauthorised access.
The department needs to process certain personal data in order to carry out tasks required in the course of the performance of our functions and to comply with certain legal obligations to which the department is subject.
Examples of this include processing related to our role as an employer or in relation to appointments to boards; processing data in order to make payments or carry out audits; processing submissions from public consultations; processing contact details in the course of communicating with a wide range of the department’s stakeholders; processing formal requests for information or general queries from customers; processing connected to public procurement and contractual agreements with service providers, processing in relation to applications to programmes run by the department, etc.
Personal data will only be exchanged with other departments, agencies or public bodies in certain circumstances where this is provided for by law.
Personal data will only be retained by the department for the period necessary for the purposes for which the data was collected and processed, or where subject to statutory requirements. Personal data no longer required will be destroyed or deleted in a secure manner.
The department’s Data Protection Policy contains further details on how we deal with personal data and your rights as a data subject.
If you wish to obtain details about personal data that this department may be processing relating to you then please download the Subject Access Request form by clicking on the link below.Subject Access Request Form
Please return the completed form, either by post or email to:
Under the GDPR individuals have the significantly strengthened rights to:
You will receive an acknowledgement letter from us once we have verified that your Subject Access Request form is fully completed and when we have also verified your identity based on the documentation you provide.
We will reply to requests within a calendar month but we do reserve the right to extend that deadline by up to two months if the request is complex or if we are processing numerous requests at that time. In such cases we will notify you of the requirement to extend the deadline within a month of receiving the request and we will provide a reason for the delay.
If the Subject Access Request is either unfounded, excessive or repetitive the department will charge for dealing with the request by levying a fee to take into account the administrative costs of providing the information. In all other cases the service is free of charge.
More comprehensive information on GDPR can be found on the Data Protection Commissioner's website.