The Workplace Relations Commission (Register of Users)

Last updated June 2019

Does your organisation use the PPSN at present?

Yes. The WRC is separately prescribed under the Social Welfare (Consolidation) Acts 1998 to 2005 and Social Welfare and Pensions Act 2007 to use the PPSN.

If so, for what purpose?

PPSN’s are used as reliable identifiers in the course of employment rights investigations and associated enquires and in the context of the bringing of proceedings relating to offences under employment rights legislation and the enforcement of determinations made in relation to these proceedings. The WRC has specific powers to request the PPSN for the purposes of its functions. Section 31 of the Workplace Relations Act 2015 states that The Commission, an inspector or an Adjudication Officer may, for the purposes of his or her functions require an employer to disclose to him or her the employer’s employer registration number or, an employee to disclose to him or her the employee’s PPSN. However, the WRC is proposing to remove the PPSN from the eComplaint Form.

Does your organisation exchange the PPSN with any other body? If so, please name the relevant bodies and the purpose(s) of the exchange?

In certain cases, the Inspection and Enforcement Division of the Workplace Relations Commission will forward documentation to prosecuting Solicitors. In the past, this material may have contained the PPSN. Going forward, the Inspection and Enforcement Division of the WRC is proposing to redact the PPSN from documentation where it appears prior to transmission of the documentation to the prosecuting solicitor.

Does your organisation have any other plans involving the use of the PPSN?

None at present.

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows

• process it lawfully, fairly, and in a transparent manner
• collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes
• ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed
• keep it accurate and up-to-date and erase or rectify any inaccurate data without delay
• where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary
• keep it secure by using appropriate technical and/or organisational security measures
• be able to demonstrate your compliance with the above principles and
• respond to requests by individuals seeking to exercise their data protection rights (for example the right of access

Have you measures in place to ensure that the Public Service Identity data you hold/collect whether in electronic or written format is in line with the GDPR Principles described above?

Yes. The Workplace Relations Commission has a Memorandum of Understanding with the Department of Social Protection (DSP) regarding access to computer records. Authorised Officers of the Inspection and Enforcement Division of the Workplace Relations Commission have access to the INFOSYS application of the Department of Social Protection (DSP). All officers sign an undertaking to the effect that they understand and agree to comply with the requirements of the General Data Protection Regulation (GDPR) and Data Protection Acts 1988-2018 in relation to their use of the INFOYSS application.

In addition, they

• undertake to comply with the provisions of Social Welfare legislation in relation to the use of the PPSN
• that they will not disclose personal data to any unauthorised person
• that they agree that access to or the use of the data other than for business purposes is a breach of their obligations under the General Data Protection Regulation (GDPR) and Data Protection Acts, and
• accept that they are fully responsible for all activity logged through their individual accounts

WRC Overview

Staff in the WRC have been provided with training on the compliance requirements of the new General Data Protection Regulation (GDPR) and Data Protection. In addition, a number of Information Sessions on Data Protection have been delivered by the Data Protection Officer (DPO). These sessions continue to be delivered on a regular basis to ensure that all staff are familiar with data protection requirements.

A Guidance Booklet was also drafted and provided to all staff. This Guidance Booklet is updated regularly to reflect changes and best administrative practice in relation to data protection. Information about data protection compliance is also posted regularly on a dedicated data protection area on the internal intranet for all staff. A specific module on data protection is provided as part of the Induction training for all new staff joining the WRC. Regular Communication Bulletins are also issued to all staff reminding them of their compliance obligations in relation to the processing of personal data under the General Data Protection Regulation (GDPR) and Data Protection laws.