My Department is committed to protecting the rights and privacy of individuals in accordance with both European Union and Irish data protection legislation. As part of this commitment my Department has proactively supported training and awareness of both key staff and the wider Department.
Beginning prior to the implementation date of 25th May 2018, my Department undertook a “GDPR Readiness” project involving officials from key Business Units working together to ensure the appropriate steps were taken and training was undertaken at that time. My Department paid Mr Dylan West, Law Library, a total of €2,880 in 2018 for advice in relation to that project.
Following the introduction of GDPR and the Data Protection Act, 2018, officials working in the data protection function of my Department have attended relevant conferences and undertook training to upskill and stay abreast of issues in what is an ever-developing area of law. Details of training undertaken and conferences attended are set out are set out in the tables below.
Training
Company
|
Attendees
|
Total Cost
|
CMG
|
11
|
4526.7
|
IPA
|
1
|
405
|
Government DPO Framework Training (IACT)
|
7
|
6771
|
Mason Hayes & Curran
|
1
|
295
|
Irish Centre for European Law
|
1
|
300
|
Privacy Laws & Business
|
2
|
800
|
European IPA
|
1
|
2070
|
Total
|
24 places
|
€15,167.70
|
Conferences
Company
|
Attendees
|
Total Cost
|
Legal Island
|
1
|
155
|
Data Forum
|
1
|
192.19
|
Iquest Ltd
|
5
|
1451.40
|
CMG
|
3
|
1420.65
|
Irish Computer Society
|
1
|
520
|
PDP
|
2
|
1940.25
|
Total
|
12 places
|
€5,679.49
|
Officials in the Data Protection function work with Business Units in supporting compliance and pass on the relevant knowledge through briefing and direct engagement. The Department has also established a Data Stewards Network with representatives from each Business Unit who will act as a local resource and point of knowledge of Department policies and procedures. Data Protection has also been the topic at a number of internal networking events and other engagements since 2017 with presentations and discussion led by relevant officials.
In addition to the ongoing development of the data protection function, the Department has sought to raise awareness amongst the wider Department through the procurement of a “GDPR and Data Protection E-learning module” for all staff (circa 1,500) at a cost of €13,750 from Legal Island ltd. This is being rolled out to staff on a phased basis at present.
Seven officials also attended a training course by Philip Lee Solicitors on “Data Protection Impact Assessment” in April 2018 at a cost of €1537.50.
On a related note, the Internal Audit function of my Department has entered into a three year contract with Deloitte to deliver IT technical internal audit services. A multi-year IT technical audit plan has been agreed, of which an IT GDPR technical systems assessment is included. This audit report was completed at a cost was €13,737 (VAT inclusive) and approved by the Audit Committee in May 2019.