The role of the Department of Health (‘the department’) is to serve the public and support the Minister for Health, Ministers of State and the government.
The department’s mission is to improve the health and wellbeing of people in Ireland by:
The department is the data controller of all data which it collects from members of the public, healthcare professionals, State agencies under the aegis of the department, or other public bodies.
This Privacy Statement is a statement of the department’s commitment to protecting personal data and individuals’ rights and privacy afforded by the General Data Protection Regulation (‘the GDPR’) and the Data Protection Acts 1988 to 2018.
The department is committed to adhering to the following principles of data protection:
Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identified or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The department has appointed a Data Protection Officer (‘DPO’) whom you may contact if you have any questions or concerns. The DPO’s role is to improve accountability, monitor compliance and raise awareness of data protection within the department. The DPO is also the point of contact for members of the public and the Data Protection Commission (‘the DPC’).
The Data Protection Officer’s contact details are below
The department needs to process certain personal data to carry out the tasks required for the performance of its functions and to comply with certain legal obligations. We also process personal data received from members of the public who contact us so that we can provide them with the services they require.
Processing of Information takes place for the following purposes:
Most of the personal data processing by this department is carried out for the performance of the Minister’s functions or in the public interest. In addition, personal data is processed by the department in compliance with certain legal obligations to which the department is subject.
The department may also process personal data in accordance with certain contracts it has put in place and, in limited circumstances, where it has a legitimate interest in processing certain data, for example audit purposes.
In very limited circumstances the department will process personal data on the basis of the individual’s consent. This includes data relating to health research activities.
In order to perform its functions, the department needs to collect many categories of personal data.
While the types of personal data processed may change depending on the purpose, the general categories of personal data collected and the reasons for collecting the data are set out in the following table.
|Reason||Categories of Personal Data Collected|
|Patient Safety Issues and Notifications||May include name, gender, date of birth, address, medical condition, name of GP/consultant, attending hospital|
|Processing purposes to meet the specific obligations under legislation||May include contact and location information, medical condition and in relation to health professionals, identification/registration number, and information on qualifications|
|Public Correspondence||Name, gender, date of birth, address, medical condition, name of GP/consultant, attending hospital, other details provided by members of the public in correspondence with the department|
|Public Consultations||Contact details as well as personal beliefs and opinions volunteered by members of the public, including media|
|Parliamentary Questions and Representations made by Elected Representatives||Name, gender, date of birth, address, medical condition, name of GP/consultant, attending hospital, other details provided by members of the public to the elected representative|
|Health Promotion and Awareness Campaigns and Other Research Activities, Patient Safety Initiatives and Other Programmes||Contact details and other personal information requested from or provided by members of the public/healthcare providers, survey participants|
|Contact/Information Purposes||Contact details such as name, address, telephone and email address of officials in agencies under the aegis of the department, other healthcare providers, representative bodies, interest/lobby groups, media, research bodies and third level institutions, other government departments/agencies and EU/international bodies|
|Litigation/Statutory Committees of Investigation||Personal data, including contact details and medical and family history, contained in records relating to litigation/statutory committees of investigation, in which department is involved. In some instances financial details necessary to facilitate payments|
|Processing purposes under FOI, Data Protection, Protected Disclosures and other legislation||Contact details such as name, address, telephone and email address, occupation|
|Committee/Board Appointments||Contact details such as name, address, email, telephone number, information relating to educational and work experience|
|Information relating to certain human resources policies/Recognition of Professional Qualifications||Education, work experience and contact data including identification number relating to health sector staff|
Please note that the information listed above may be used for another one or more purpose, as outlined in the section dealing with Purpose and Legal Basis for Processing.
Directly from individuals
The department collects personal data directly from members of the public, patients and their family members and third-party representatives such as Solicitors, and lobby/interest groups. This data may be received by phone, email or written correspondence. It may also be obtained through public consultations.
Personal data is also obtained from elected representatives representing a constituent or his/her family member who is seeking information or a service on behalf of the constituent.
Personal data relating to healthcare providers is also held in the department. This includes information relating to service providers and their representative bodies, agencies providing services in the healthcare sector and information held on healthcare professionals in relation to specific schemes.
The Health Service Executive and other State agencies under the aegis of the department disclose data to the department in the performance of their functions. Information includes data required to support the management of the service in question, governance activities, appointments to Committees/Boards, information relating to human resources policies and procedures, information relating to legal cases against the State and contact details for mailing lists etc.
The list of State agencies under the aegis of the department is available here.
Other Public Bodies
The department liaises with a wide range of government departments and agencies in order to perform its functions, for example:
In some instances, personal information held by the department is shared with other government departments/agencies to enable the department to perform its functions. In such cases the disclosure is made in a manner consistent with the original purpose for which the information was provided.
You have certain rights available to you in relation to personal data held by the department. However not all rights listed are applicable in every circumstance. These rights are outlined below and can be exercised by contacting the Data Protection Officer, as detailed above, indicating which right(s) you wish to exercise.
To obtain a copy of your personal data held by the Department of Health, please complete a Subject Access Request form The completed form, along with some photographic identification (passport/driver’s licence) should be returned to the address below:
The information requested will be provided within one month of the date of receipt of the request by the department.
There are a small number of circumstances in which the right to access personal data may be limited. For example, data subjects do not have a right to see communications between the department and its legal advisers where it would be subject to legal privilege in court. The right of access to information relating to other people is also curtailed.
You have the right, if you are unhappy with how we have delivered on our obligations, to make a complaint at any time to the Data Protection Commission. You can contact the Commission at:
The website of the www.dataprotection.ie
Our Privacy Statement may change from time to time. If we make any changes we will post those changes here and the “Version Control” page at the back of this Privacy Statement.
|Version||Date||Changes made by||Details|
|1.0||24 May 2018||DPO||First version of Privacy Statement|
|2.0||1 August 2018||DPO||Second version of Privacy Statement|
|3.0||1 March 2019||DPO||Third version of Privacy Statement|
|4.0||12 August 2019||ROC||Fourth version of Privacy Statement – change contact details for DPO/Unit|