Tuesday, 24 November 2020

Questions (159)

Patrick Costello


159. Deputy Patrick Costello asked the Tánaiste and Minister for Enterprise, Trade and Employment the grade at which the chief data protection officer in his Department is employed. [37912/20]

View answer

Written answers (Question to Enterprise)

A full-time Data Protection Officer (DPO) at the level of Assistant Principal Officer was appointed on 30 April 2018. My Management Board agreed the assignment of a full-time post at this level to strengthen the Department's preparation for the EU General Data Protection Regulation on 25 May 2018.

The DPO operates with independence in this important role and with the full authority of the Secretary General and Management Board.

Since the introduction of the GDPR and Data Protection Act 2018, at a practical level, the DPO's role has included:

- initial point of contact within the Department for 'data subjects' who have queries/concerns in relation to personal data;

- overseeing the administration of all data subject access rights, including Subjects Access Requests (SARs) for the Department and its 5 Offices;

- providing data protection training for staff on data protection obligations and provisions of the GDPR and data protection laws;

- drafting and implementing all necessary data protection policies, guidelines and other protocols for the Department and its 5 Offices;

- assisting individual business units across the Department and its 5 Offices in identifying and responding to the requirements of the GDPR and data protection laws;

- monitoring compliance with the requirements of the GDPR and data protection laws across the Department and its 5 Offices and reporting to the Management Board and Secretary General on this, as part of overall assurance on compliance and internal control;

- advising 'data controllers' (i.e. heads of the business units which process personal data) and employees who are processing personal data of their obligations under the GDPR and data protection laws;

- ensuring that the Department has in place appropriate guidelines for staff and information for customers on data protection matters;

- assisting business units in responding to data breaches, should they occur;

- providing advice to data controllers on data protection impact assessments (should they be necessary) and to monitor these;

- co-operating with the Office of the Data Protection Commissioner as required and acting as the contact point on issues related to the processing of personal data, including prior consultation.