Wednesday, 14 February 2018

Questions (171)

Catherine Murphy


171. Deputy Catherine Murphy asked the Minister for Health the preparedness of his Department in the context of the incoming general data protection regulation, GDPR, EU 2016/679; if staff in his Department have undertaken or been offered specific training and-or briefing on the GDPR; and if he will make a statement on the matter. [7648/18]

View answer

Written answers (Question to Health)

The Department of Health is working closely with other Government Departments and participating fully in an inter-departmental group on data protection chaired by the Department of the Taoiseach, which is identifying GDPR related issues at central level and facilitating coordinated preparations for the coming into effect of the GDPR in May 2018.

The Department's core GDPR related activity, at present, is in working closely with the Department of Justice and Equality on the Data Protection Bill, to ensure that the Bill includes health information provisions consistent with the GDPR that will support patient care and safety and better health service management while, at the same time, building greater public confidence in how health information is handled through improved transparency and other suitable and specific measures provided for in the Bill.

In addition, the Department has been liaising with the Office of the Data Protection Commissioner, the HSE, the Health Research Board and a number of other health agencies in relation to the legislative framework around the processing of health data post GDPR to create an appropriate and robust legislative basis for the processing of personal data across the health system. This is closely related to a public consultation conducted by the Department in 2017 on the drafting of a health information policy framework. Preparations will continue in the coming weeks and months.

A number of staff in key areas of my Department have attended relevant seminars and presentations in recent months and I expect that additional training will take place over the course of the coming months. An appointment to the role of Data Protection Officer, as required under the GDPR, will be made in time for the coming into effect of the regulation in May this year.