Data Protection

My Department is fully aware of its responsibilities in respect of the processing of personal data as provided for in the Data Protection Acts 1988 and 2003.

My Department’s Data Protection Policy outlines the procedures that must be followed by all staff in the Department and its Offices whose duties entail processing personal data. This Policy outlines best practice in relation to processing of data by staff within the Department and its Offices in instances where personal data is provided to an external body for processing. The objective of the policy is to ensure that personal data held by my Department and its Offices is processed in accordance with the provisions of the Data Protection Acts 1988 and 2003. Responsibility for compliance with this policy rests with the heads of the individual business units and all business units are aware of their responsibilities in this regard.

As my Department does not have a recruitment licence, the recruitment of staff is handled for it by the Public Appointments Service (PAS). Internal promotion competitions are organised by HR Unit without the involvement of outside consultancy.

Since my appointment there has been one occasion where the Office of the Director of Corporate Enforcement used an employment agency for the recruitment of a legal secretary on a temporary basis. The contract put in place included a general clause requiring the contractor to comply with all legal requirements and a detailed section on confidentiality, including specific reference to the confidentiality requirements surviving completion of the contract.  I am satisfied that data protection issues were adequately and appropriately addressed as part of these arrangements.