My Department began its GDPR preparations last year with the appointment, as required under Article 37 (1)(a) of the Regulation, of an Interim Data Protection Officer (DPO) who undertook training and is a Certified Data Protection Practitioner. The DPO also represents my Department at the Interdepartmental Committee on Data issues which is chaired by the Department of an Taoiseach.
Additionally, an identification and audit of personal data has taken place in my Department and through this exercise all staff have been made aware of the Regulation, its impacts on the Department and the new data subject rights under the Regulation. Furthermore, my Department is currently in the process of establishing a Data Protection Working Group which will have representatives from each sectoral area and will engage with the DPO on all issues of on-going compliance with the Regulation.
My Department has planned training for staff ahead of 25 May 2018. Training will consist of foundation level training but also, in compliance with the Regulation, training that is commensurate to the type of personal data being processed.