Dáil Éireann Debate, Wednesday - 29 September 2021
179. Deputy Catherine Murphy asked the Minister for Justice the person or body that is responsible for the collection, input and centralisation of data under the new Garda operational model; and the person or body that will hold the position of data controller in each division. [46862/21]
View answerAs the Deputy will be aware, the Garda Commissioner is by law responsible for the general management and administration of the Garda organisation under the Garda Síochána Act 2005. This includes processing of personal data for law enforcement purposes.
Processing of personal data for law enforcement purposes is subject to Part 5 of the Data Protection Act 2018. Section 69(1) of the Act defines a data controller as a competent authority that, whether alone or jointly with others, determines the purposes and means of processing personal data.
As a competent authority for law enforcement with functions established under Section 7(1) of the Garda Síochána Act 2005, An Garda Síochána is the data controller for personal data processed by it for the purposes of prevention, detection, investigation or prosecution of criminal offences, including personal data processed under the new Garda Operating Model.
Under the overall responsibility of the Garda Commissioner, all members and staff of An Garda Síochána must abide by relevant policies and procedures in respect of the processing of personal data. This includes the commitment, under the Code of Ethics for An Garda Síochána, to gather, retain, access, disclose of process information only in accordance with the law and principles of data protection.
I am advised by the Garda authorities that both currently and under the new Garda Operating Model, the Garda Information Service Centre (GISC) has primary responsibility for the input and collection of crime incident data, working with Garda members to ensure that data on every incident is centrally recorded consistently and accurately.
In compliance with data protection legislation, the Data Protection Officer (DPO) is a Principal Officer position in An Garda Síochána reporting to the Executive Director, Chief Information Officer. I am informed that the role is currently filled on an acting basis with a permanent appointment due to be made at the conclusion of a dedicated open competition in October, 2021. The Data Protection Commissioner was formally notified of the appointment of the current DPO in line with the provisions of Article 37(7) of the General Data Protection Regulation (the GDPR, EU 2016/679) and Section 88(4)(b) of the Data Protection Act 2018.
