Skip to main content
Normal View

Data Protection

Dáil Éireann Debate, Thursday - 20 May 2021

Thursday, 20 May 2021

Questions (289)

Fergus O'Dowd

Fergus O'Dowd

Fergus O'Dowd

Question:

289. Deputy Fergus O'Dowd asked the Minister for Social Protection if any state or semi state bodies which report to her Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if she will make a statement on the matter. [27365/21]

View answer

Written answers

Heather Humphreys

Minister for Social Protection

The statutory bodies operating under the aegis of my Department are the Citizens Information Board, The Pensions Authority, the Pensions Council and the Social Welfare Tribunal. Both the Department of Social Protection and the statutory bodies operating under its aegis have Data Protection policies, standards, procedures and guidelines in place governing the use of computer systems and customer data to ensure that they compliant with EU GDPR requirements. Staff are regularly reminded of their Data Protection obligations. The importance of Data Protection and Cyber-security is promoted through awareness campaigns, presentations and regular notices. The bodies under the aegis of my Department are not subject to the EU Network and Information Systems (NIS) Directive as they are not considered to be 'essential providers' within the EU Directive definition. Specific information on each body is as follows:

Pensions Authority: The Pensions Authority is fully compliant with EU GDPR requirements. The Authority’s planned move to the Office of the Government Chief Information Officers’ (OGCIO) desktop as a service will significantly enhance its cyber security in the future and bring it under the ISO 27001 Certification standards.

Pensions Council - The Pensions Council is fully compliant with EU GDPR requirements and complies with Article 29 standards as the Council only uses the personal data required to carry out its functions. The Council does not provide services to the public and therefore holds a limited amount of personal data. The Council does not have its own IT system and uses the IT infrastructure systems operated by the both the Pensions Authority and the Department of Social Protection.

Social Welfare Tribunal – The Social Welfare Tribunal does not have its own IT system and uses the IT infrastructure systems operated by the Department of Social Protection, which are fully compliant with EU GDPR requirements.

Citizen’s Information Bureau (CIB) - The CIB commits to compliance with EU GDPR requirements. This includes transparently communicating with customers on how their personal data is managed (e.g. Data Protection Notice for Users of the Service).

Top
Share