Skip to main content
Normal View

Data Protection

Dáil Éireann Debate, Thursday - 20 May 2021

Thursday, 20 May 2021

Questions (399)

Fergus O'Dowd

Question:

399. Deputy Fergus O'Dowd asked the Minister for Rural and Community Development if any state or semi state bodies which report to her Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if she will make a statement on the matter. [27364/21]

View answer

Written answers

The agencies under my Department's aegis are Water Safety Ireland (WSI), Pobal, the Charities Regulatory Authority (CRA) and the Western Development Commission (WDC).

As part of their day-to-day operations, and in order to carry out tasks required in the course of the performance of their functions those agencies hold personal data for a range of purposes.

Those agencies are committed to protecting the rights and privacy of all its data subjects in accordance with the General Data Protection Regulation and the Data Protection Acts 1988 to 2018.

Each agency under my Department's aegis has a Data Protection Policy in place and a Data Protection Officer, as required by Article 37 of the GDPR. Any processing of personal data is performed in compliance with the principles relating to processing under the GDPR.

Water safety Ireland (WSI), Pobal, and the Charities Regulator (CRA) have confirmed compliance with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR.

The EU Network and Information Security Directive applies to Operators of Essential Services, as identified by DCCAE, and Digital Service Providers. The WDC has not been identified as an Operator of Essential Services and is not a Digital Service Provider. However, the WDC engages continuously with its IT partners to protect against cyber threats.

Finally, the WDC is not certified to the ISO 27001 Standard. However, having reviewed Annex 9 in full, they are satisfied that their IT security policy addresses the criteria laid out in it. Furthermore, their IT support provider, who manages our IT infrastructure is IS027001 certified.

Top
Share