Skip to main content
Normal View

Data Protection

Dáil Éireann Debate, Thursday - 20 May 2021

Thursday, 20 May 2021

Questions (313)

Fergus O'Dowd

Fergus O'Dowd

Fergus O'Dowd

Question:

313. Deputy Fergus O'Dowd asked the Minister for Further and Higher Education, Research, Innovation and Science if any state or semi state bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27359/21]

View answer

Written answers

Simon Harris

Minister for Further and Higher Education, Research, Innovation and Science

My Department when processing personal data of any nature adheres to the principles enshrined in the General Data Protection Regulation (GDPR). My Department has put in place comprehensive technical and organisational measures in order to ensure and demonstrate that its processing of personal data fully complies with data protection law. The integrity and confidentiality of personal data is ensured through robust security policies and systems. Appropriate Data Processor agreements are in place with relevant data processors in line with the requirements in Article 29 of GDPR. The statutory supervisory authority overseeing this compliance is the Data Protection Commission.

The information in respect of state bodies, within the scope of the Deputy’s question, is not held by my Department. Under the GDPR, data controllers are responsible for compliance with data protection law in respect of the personal data which they process. State bodies and agencies are accordingly directly responsible for compliance in their own right under the legislation. Contact details for these bodies are set out in the attached document, should the Deputy wish to contact the aegis bodies directly with his query.

The National Cyber Security Centre (NCSC) which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cybersecurity services to operators of Critical National Infrastructure, Government Departments and Agencies.

My Department's cyber security protocols are supported by the work of the NCSC and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risk and incidents to my Department.

For operational and security reasons, my Department has been advised by the NCSC not to disclose details of systems and processes which could in any way compromise my Department’s information security posture. In particular, it is not considered appropriate to disclose any information, which might assist malicious actors to identify potential vulnerabilities or to disclose operational security matters.

Contacts

Top
Share