My Department when processing personal data of any nature adheres to the principles enshrined in the General Data Protection Regulation (GDPR). My Department has put in place comprehensive technical and organisational measures in order to ensure and demonstrate that its processing of personal data fully complies with data protection law. The integrity and confidentiality of personal data is ensured through robust security policies and systems. Appropriate Data Processor agreements are in place with relevant data processors in line with the requirements in Article 29 of GDPR. The statutory supervisory authority overseeing this compliance is the Data Protection Commission.
The National Cyber Security Centre (NCSC) which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cybersecurity services to operators of Critical National Infrastructure, Government Departments and Agencies.
My Department's cyber security protocols are supported by the work of the NCSC and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risk and incidents to my Department.
For operational and security reasons, my Department has been advised by the NCSC not to disclose details of systems and processes which could in any way compromise my Department’s information security posture. In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities or to disclose operational security matters.