My Department receives the vast majority of personal data direct from customers themselves mainly on foot of an application for one of my Department’s schemes or for other supports and services provided.
My Department has a firm legal basis for the processing of this personal data in accordance with the Social Welfare Consolidation Act, 2005, as amended.
Circumstances where my Department receives and processes information from third party organisations is also provided for by law and underpinned by written agreements which outline how the information is shared and also what it is used for. This is fully in compliance with the GDPR. Indeed, my Department’s GDPR privacy statement outlines how the Department collects, stores and uses personal and is available on the Department’s website and in hard copy on request.