Department of Enterprise, Trade and Employment (Register of Users)

Updated: June 2019

Yes. The Department of Business, Enterprise and Innovation (the “DBEI”) and its Offices uses the PPSN for the delivery of services to both our internal and external customers. The department’s Offices include the Companies Registration Office (the “CRO”); Registry of Friendly Societies (the “RFS”); Irish Patents Office; Office of the Director of Corporate Enforcement (the “ODCE”), the Workplace Relations Commission (the “WRC”) and the Labour Court.

The Department of Business, Enterprise and Innovation (the “DBEI”) and its Offices use the Personal Public Service Number (PPSN) for a number of internal and external administrative purposes. A separate return for the use of the PPSN by our Offices is set out in an attachment to this document, as our Offices are separately prescribed under the Social Welfare (Consolidation) Acts 1998 to 2005 and Social Welfare and Pensions Act 2007 to use the PPSN. This in effect means that they are separately specified from the department in their use of the PPSN. Only Specified Bodies named in the above Social Welfare Acts can use the PPSN.

Internal Administrative Purposes

The department uses the PPSN for the following internal administrative purposes. These uses are primarily to do with the administration of services for our staff (e.g. Human Resources functions and Payroll functions).

HR Unit

The PPSN is used for the administration of each staff members’ electronic personnel record. The PPSN is recorded by the Human Resources Shared Services (HRSS) (formerly PeoplePoint) on its Human Resources Management System (HRMS), on instruction by the local Human Resources (HR) Unit. HRMS is the system used across all fovernment departments and managed by the HRSS. The system records all relevant personal data for each individual staff member in the department. The PPSN is also recorded on individual staff members’ paper Personnel Files. The HRSS and the Payroll Shared Services (PSSC) make up the National Shared Services Office (NSSO). The HRSS will forward an individual’s PPSN to the PSSC when setting up new staff on the payroll system.

Finance Unit

PPSN’s are recorded in the department's annual P35 return to the Revenue Commissioners. They can also be referenced in respect of correspondence with the National Shared Services Office (NSSO) on foot of instructions from individual staff members (e.g. when applying for certain types of leave that may affect the individual’s salary pay and/or deductions).

Internal Audit Unit

The PPSN may be used as necessary in the conducting of internal audits of any area of the department and its Offices.

The department uses the Personal Public Service Number (PPSN) for the delivery of a number of our business services to external customers, including companies and members of the public. These services include:

Employment Permits Unit

When applying for an Employment Permit evidence of a PPSN - is required if an individual is already working in the State.

Internal Administrative Purposes

The following information in relation to the PPSN for internal administrative purposes is set out below.

HR Unit

No. HR transactional activity is now the responsibility of the HRSS (formerly PeoplePoint) – HR and Pensions Shared Services. As such, the HRSS has access to all data recorded on the HRMS system and use the PPSN as a unique identifier. The HRSS are bound by the Data Protection Policy for Civil Service Shared Services Centres.

Finance Unit

Yes. PPSN’s are included on the annual P35 return submitted to the Revenue Commissioners. PPSN’s can also be referenced in respect of correspondence with the National Shared Services Office (NSSO) on foot of instructions from individual staff members in the department and its Offices (e.g. when applying for certain types of leave that may affect the individual’s salary pay and/or deductions).

Internal Audit Unit

No. Internal Audit Unit do not exchange the PPSN with any other external body.

External Administrative Purposes

The following information in relation to the PPSN for external administrative purposes is set out below.

Employment Permits Unit

Yes. An occasion may arise where Employment Permits Unit would share a PPSN with the Immigration Service Delivery (ISD) in theDepartment of Justice and Equality for identification purposes only. Section 37 of the Employment Permits Act 2006, as amended, permits exchanges of certain information by the Minister for Business, Enterprise and Innovation, the Minister for Employment Affairs and Social Protection, the Garda Síochána, the Minister for Justice and Equality, and the Revenue Commissioners which are necessary for the exercise of their respective statutory functions. In these cases, the sharing of the PPSN is subject to data protection compliance requirements.

Internal Administrative Purposes

The following information relates to the PPSN for internal administrative purposes.

HR Unit

None at present.

Finance Unit

None at present.

Internal Audit Unit

The Unit has no additional plans to use PPSN records apart from possible use in future internal audit work of the department and its Offices.

External Administrative Purposes

The following information relates to the PPSN for external administrative purposes.

Employment Permits Unit

None at present.

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows:

• process it lawfully, fairly, and in a transparent manner
• collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes
• ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed
• keep it accurate and up-to-date and erase or rectify any inaccurate data without delay
• where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary
• keep it secure by using appropriate technical and/or organisational security measures
• be able to demonstrate your compliance with the above principles, and
• respond to requests by individuals seeking to exercise their data protection rights (for example the right of access

Internal Administrative Purposes

The following information relates to the PPSN for internal administrative purposes.

HR Unit

Yes. Personal data relating to Public Service Identity is held on an electronic system which is password protected and only accessible to authorised users within the HR Unit. HR staff are aware and regularly reminded of the importance of adhering to Data Protection compliance as set out in the General Data Protection Regulation (GDPR) and Data Protection Acts 1988-2018. Dedicated training and Information sessions are also delivered regularly to all HR staff by the Data Protection Officer (DPO). In addition, a number of Physical and Electronic Safeguard measures are also in place to ensure robust data protection practices. Examples include restricted physical access to office premises, security keypads on doors, lockable storage, restricted physical access to paper files, password protections on electronic files, use of restricted password and time-out control systems, computer screen locks, use of encryption tools, etc.

Finance Unit

Yes. All public service data are held on restricted systems which have dedicated access controls. These data are only used for the purpose for which they were provided (i.e. Purpose Limitation) and on a Need to Know basis (i.e. Integrity and Confidentiality).

Internal Audit Unit

Yes. All details of specific PPSN are removed from any audit report issued. All physical files are kept securely in locked cabinets and electronic files have restricted access. If PPSN’s were required for a particular audit, they would be requested separately for each audit from the particular Business Unit or Office being audited and would only be used for this agreed purpose (i.e. Purpose Limitation), with the detail and numbers of PPSN being requested being kept to a minimum (i.e. Data Minimalisation).

External Administrative Purposes

The following information relates to the PPSN for external administrative purposes.

Employment Permits Unit: Yes. There are adequate measures in place to ensure that the PPSN data are secure and are processed and accessible only for specified, explicit and legitimate purposes.

Departmental Overview

Staff in the department have been provided with training on the compliance requirements of the new General Data Protection Regulation (GDPR) and Data Protection. In addition, a number of Information Sessions on Data Protection have been delivered by the Data Protection Officer (DPO). These sessions continue to be delivered on a regular basis to ensure that all staff are familiar with data protection requirements. A Guidance Booklet was also drafted and provided to all staff. This Guidance Booklet is updated regularly to reflect changes and best administrative practice in relation to data protection. Information about data protection compliance is also posted regularly on a dedicated data protection area on the internal intranet for all staff. A specific module on data protection is provided as part of the Induction training for all new staff joining the department. Formal training sessions have also been provided to staff who work in Business Unit that regularly process personal data by an external training provider. Regular Communication Bulletins are also issued to all staff reminding them of their compliance obligations in relation to the processing of personal data under the General Data Protection Regulation (GDPR) and Data Protection laws.