I propose to take Questions Nos. 129 to 131, inclusive, together.
My Department has published information on its website advising as to the process of making a 'Subject Access Request' under the General Data Protection Regulation (GDPR). My Department has also published a privacy notice on its website which includes information about data subject rights and access to personal data.
My Department has assigned a Data Protection Officer as required under Article 37 of GDPR with one additional staff member assigned. Information Co-ordinators have also been appointed in each branch to assist with data protection compliance across the Department. GDPR training was made available to all staff during April and May of this year.
No Data Protection Impact Assessments (DPIAs) have commenced since 15 May 2018 in my Department.