Organisation information
Data Protection and the General Data Protection Regulation (GDPR)
From Department of Enterprise, Trade and Employment
Published on
Last updated on
From Department of Enterprise, Trade and Employment
Published on
Last updated on
We fully respect your right to privacy. Any personal information which you provide to us will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts 1988-2018.
The General Data Protection Regulation EU 2016/679 is a regulation on data protection and privacy for all individuals within the European Union. It came into force across the European Union on 25 May 2018.
It replaces the previous data protection directive which has been in force since 1995 and forms the basis of our new Data Protection Irish laws (Data Protection Acts 1988-2018).
As an EU Regulation, the GDPR does not generally require transposition into Irish law, as EU Regulations have “direct effect”. In Ireland, we have introduced new legislation known as the Data Protection Act 2018 which was signed into law on 24 May 2018.
Among its provisions, the Act:
This new Act, together with the previous data protection legislation will be collectively known as the “Data Protection Acts 1988-2018.”
The Data Protection Acts 1988-2018 are designed to protect people’s privacy. The legislation confers rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data.
Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the department. It covers any information that relates to an identified or identifiable living individual. These data can be held on computers or in manual files.
Under the GDPR and Data Protection Acts 1988-2018, this department, as a Data Controller, has a legal responsibility to:
Our Data Protection Officer is Celyna Coughlan. She is responsible for all Data Protection matters for our department and its six Offices, including:
You can contact our Data Protection Officer by emailing dataprotection@enterprise.gov.ie or by telephone at (01) 631 2398.
A data subject (“individual”) has the following rights under the GDPR and Data Protection Acts 1988-2018:
An individual can make a data protection access request by completing a Item was unpublished or removed
Celyna Coughlan, Data Protection Officer, Department of Enterprise, Trade and Employment, Kildare Street, Dublin 2, D02 TD30.
Applications can also be sent electronically to dataprotection@enterprise.gov.ie
You must complete a Item was unpublished or removed
The most efficient way for us to deal with your Subject Access Request (SAR) is to email us with a copy of your completed Subject Access Request (SAR) form and adequate proof of identity to dataprotection@enterprise.gov.ie .
If you need assistance with completing the Subject Access Request (SAR) form please contact Celyna Coughlan, Data Protection Officer at: dataprotection@enterprise.gov.ie or by telephone at: 01 631 2398.
In general, there is no charge for individuals who seek access to their personal records under the Data Protection Acts and requests must be completed within one month.
In a small number of circumstances your right to access personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand.
Independent supervisory authorities
Under the GDPR, each EU Member State will have one or more independent public authorities responsible for monitoring the application of the Regulation. In Ireland, under the Data Protection Act 2018, the Data Protection Commissioner has been replaced with a Data Protection Commission.
Each supervisory authority will:
Each authority will have the power to order any controller or processor to provide information that the authority requires to assess compliance with the Regulation. The authority may carry out investigations of controllers and processors in the form of data audits, including accessing the premises of a controller or processor. The authority can order a controller or processor to change their processes, comply with data subject requests. The authority can also issue warnings to controllers and processors and can ban processing as well as commence legal proceedings against a controller or processor.
European Data Protection Board
The GDPR will introduce a new European data protection supervisory authority. The European Data Protection Board will be responsible for ensuring that the GDPR is applied consistently across the European Union. The Board will issue guidelines and recommendations on the application of the Regulation. The Board will also advise the EU Commission on the application of the Regulation and any updates that may be required. The Board will be made up of the head of one supervisory authority of each EU Member State and a European Data Protection supervisor.
Further information about an individual’s rights under the Data Protection Acts
The Data Protection Commission website offers an explanation of the rights and responsibilities under the Data Protection Acts.
Information is also available from:
You can contact the Office of the Data Protection Commission by emailing info@dataprotection.ie or by telephone at 01 7650100 / 1800 437 737.
Further information is also available on the dedicated document GDPR and You.