The Revenue Commissioners (Register of Users)

Updated: November 2018

Yes

It is used as an individual’s Tax Reference number.

Revenue discloses taxpayer information relating to individuals or companies to a number of external bodies. The taxpayer information may include PPS numbers. The data is disclosed in accordance with specific statutory provisions contained in a variety of enactments. Some of the Departments that Revenue shares information with are listed below:

• National Employment Rights Authority
• Department of Social Protection
• Department of Agriculture, Food & Marine
• Health Service Executive/Department of Health
• Sheriffs /County Registrar/An Garda Siochána/Criminal Assets Bureau
• City of Dublin ETB (Student Universal Support Ireland (SUSI))
• Office of the Director of Corporate Enforcement
• Central Statistics Office

The purpose of such exchanges is to enhance service delivery to customers of Revenue and to meet obligations under specific enactments and legislation.

Revenue shares data with Sheriffs/County Registrars under Section 851A(8)(h), of the Taxes Consolidation Act 1997.

Revenue shares data with the Director of Corporate Enforcement (ODCE) under Section 18, (as amended) of the Company Law Enforcement Act 2001.

Revenue shares data with an Garda Siochána under Section 851B(3)(d) of the Taxes Consolidation Act 1997.

Revenue shares data with the Criminal Assets Bureau under Section 1(2)(b)(ii) of the Disclosure of Certain Information for Taxation and Other Purposes Act 1996.

As required under statutory provisions.

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows:

• process it lawfully, fairly, and in a transparent manner
• collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes
• ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed
• keep it accurate and up-to-date and erase or rectify any inaccurate data without delay
• where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary
• keep it secure by using appropriate technical and/or organisational security measures
• be able to demonstrate your compliance with the above principles, and
• respond to requests by individuals seeking to exercise their data protection rights (for example the right of access)

Revenue has a Data Protection Officer appointed by the Board pursuant to Article 37 of the GDPR, who has overall responsibility for ensuring compliance with data protection policy and management. Senior management are accountable in that they are required to ensure that staff report data breaches to the Data Protection Unit which are then logged in a data breach register and reported to the DPC where deemed necessary.

In addition to the statutory provisions for the disclosure of information referred to at 3 above, Revenue has put in place Data Exchange agreements with the bodies concerned in consultation with the ODPC. These agreements detail the obligations on the parties in relation to data security, access, storage and retention and include an audit clause which permits Revenue to audit compliance with data protection requirements relating to Revenue business.

Furthermore, all Revenue officials are bound by the Official Secrets Acts, the Civil Service Code of Standards and Behaviour and the Revenue Code of Ethics. As well as those safeguards, Section 851A of the Taxes Consolidation Act 1997 introduced criminal sanctions for unauthorised disclosure of taxpayer information.