My Department does not maintain a schedule of personal data sharing activities over the past 20 years to date. The information sought is not readily available and its compilation would involve a disproportionate amount of time and work.
My Department shares personal data with other public bodies for a variety of reasons including where required by law, where relevant and necessary to provide a public service or perform a public function, where sought for law enforcement purposes, or where another public body acts as a processor of personal data on my Department’s behalf. The content and volume of personal data concerned may vary widely from a single or handful of records upwards and information may be provided on a once-off basis or as part of a longer-term arrangement. Examples include: reporting staff pay and deduction information to the Office of the Revenue Commissioners; once-off requests from law enforcement authorities such as An Garda Síochána seeking information relating to the investigation of criminal offences; applicant details shared with the National Museum of Ireland for consultation purposes as part of the application process for licensable activities under the Historic and Archaeological Heritage and Miscellaneous Provisions Act 2023; staff details shared with the National Shared Service Office to provide human resource and payroll services to my Department. The disclosure of information may be either on an individual basis or in other cases in aggregate form.
My Department has implemented appropriate organisational measures to ensure it fully meets it obligations and responsibilities under the General Data Protection Regulation (GDPR), the Law Enforcement Directive (LED), the Data Protection Act 2018, and the Data Sharing & Governance Act 2019. Personal data is only collected, held and shared where it is relevant and necessary and in a manner that complies with data protection principles including lawfulness and transparency. The legal basis most frequently relied upon by my Department for processing personal data is either legal obligation or official task/public interest. Transparency is achieved by providing privacy statements which explain to individuals why and how my Department uses their personal data, as well as clearly specifying who their information is shared with. Where a new data sharing activity falls within scope of the Data Sharing & Governance Act 2019, my Department progresses data sharing agreements under the provisions of that legislation which includes public consultation and review by the Data Governance Board. Where possible my Department provides for data sharing arrangements in legislation following consultation with the Data Protection Commission under GDPR or LED. As required under GDPR and LED, my Department establishes written agreements where another public body processes personal data on my Department’s behalf. Other organisational measures include the appointment of a Data Protection Officer and data protection team to support my Department’s compliance with its data protection obligations, maintaining a record of processing activities under my Departments responsibility, and relevant staff training.
