The General Data Protection Regulation (GDPR) which will take effect on 25 May 2018 places additional responsibilities on controllers and processors of personal data.
My Department is aware of its obligations under the GDPR and is taking appropriate measures to ensure compliance with the regulation. These measures include reviewing the personal data held in the Department and ensuring that it is processed lawfully, revising the Department's data protection internal policy and procedures, identifying areas where a data protection impact assessment is required, and continued participation at the interdepartmental committee on data issues, chaired by the Department of An Taoiseach, on cross-Departmental data protection issues.
I can advise the Deputy that my Department has assigned a data protection officer as required under article 37 of the GDPR. The Department's data protection officer has undergone accredited training in data protection. I can also advise the Deputy that my Department has recently held a number of training courses for the Department's staff on data protection and obligations under the GDPR.