We fully respect your right to privacy. Any personal information which you provide to us will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts 1988-2018.
As an EU Regulation, the GDPR does not generally require transposition into Irish law, as EU Regulations have “direct effect”. In Ireland, we have introduced new legislation known as the Data Protection Act 2018
which was signed into law on 24 May 2018.
gives further effect to the GDPR in areas where Member States have some flexibility (Part 3 of the Act), for example, the digital age of consent
This new Act, together with the previous data protection legislation will be collectively known as the “Data Protection Acts 1988-2018”.
Data Protection legislation
The Data Protection Acts 1988-2018 are designed to protect people’s privacy. The legislation confers rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data.
Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the department. It covers any information that relates to an identified or identifiable living individual. These data can be held on computers or in manual files.
The department’s obligations
Under the GDPR and Data Protection Acts 1988-2018, this department, as a Data Controller, has a legal responsibility to:
obtain and process personal data lawfully, fairly and in a transparent manner
keep it only for one or more specified and explicit lawful purpose(s)
process it only in ways compatible with the purpose of which it was given initially
keep data accurate, relevant and not excessive
retain it no longer than is necessary for the specified purpose or purposes
keep personal data safe and secure
Our Data Protection Officer
Our Data Protection Officer is Celyna Coughlan. She is responsible for all Data Protection matters for our department and its six Offices, including:
the Workplace Relations Commission (WRC)
the Labour Court
Companies Registration Office (CRO)
Registry of Friendly Societies (RFS)
the Office of the Director of Corporate Enforcement (ODCE)
You must complete a Subject Access Request form
in order to request a copy of your own personal information from us. This Form must be completed in full and sent to our Data Protection Officer. You will also need to supply us with adequate Proof of Identity as part of this process. You should try to be as specific as possible in identifying the personal information that you are seeking from us. Also, if possible, try to specify the areas of the department where you feel would be most relevant to your request. This will assist us in providing you with an effective and efficient service.
If you need assistance with completing the Subject Access Request (SAR) form please contact Celyna Coughlan, Data Protection Officer at: firstname.lastname@example.org
or by telephone at: 01 631 2398.
In general, there is no charge for individuals who seek access to their personal records under the Data Protection Acts and requests must be completed within one month.
Exceptions to the right of access
In a small number of circumstances your right to access personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand.
Supervision and enforcement
Independent supervisory authorities
Under the GDPR, each EU Member State will have one or more independent public authorities responsible for monitoring the application of the Regulation. In Ireland, under the Data Protection Act 2018,
the Data Protection Commissioner has been replaced with a Data Protection Commission.
Each supervisory authority will:
monitor and the enforce the application of the GDPR
promote public awareness of the rules and rights around data processing
advise the government on data protection issues
promote awareness among controllers and processors of their obligations
provide information to individuals about their data protection rights
maintain a list of processing operations requiring data protection impact assessment
Each authority will have the power to order any controller or processor to provide information that the authority requires to assess compliance with the Regulation. The authority may carry out investigations of controllers and processors in the form of data audits, including accessing the premises of a controller or processor. The authority can order a controller or processor to change their processes, comply with data subject requests. The authority can also issue warnings to controllers and processors and can ban processing as well as commence legal proceedings against a controller or processor.
European Data Protection Board
The GDPR will introduce a new European data protection supervisory authority.
The European Data Protection Board will be responsible for ensuring that the GDPR is applied consistently across the European Union. The Board will issue guidelines and recommendations on the application of the Regulation. The Board will also advise the EU Commission on the application of the Regulation and any updates that may be required. The Board will be made up of the head of one supervisory authority of each EU Member State and a European Data Protection supervisor.
Further information about an individual’s rights under the Data Protection Acts