Dáil Éireann Debate, Wednesday - 11 July 2018
500. Deputy Catherine Murphy asked the Minister for Transport, Tourism and Sport the changes he has made to allow access by persons to their own data held by his Department and bodies under its aegis following the introduction of the General Data Protection Regulation, GDPR; and if he will make a statement on the matter. [31479/18]
Amharc ar fhreagra501. Deputy Catherine Murphy asked the Minister for Transport, Tourism and Sport the staffing complement and resources of his Department's data protection officer; and if he will make a statement on the matter. [31503/18]
Amharc ar fhreagra502. Deputy Catherine Murphy asked the Minister for Transport, Tourism and Sport the data protection impact assessments his Department has commenced since 15 May 2018; and if he will make a statement on the matter. [31520/18]
Amharc ar fhreagraI propose to take Questions Nos. 500 to 502, inclusive, together.
As the Deputy is aware, right of access as a data protection concept is not new. My Department previously carried out this data subject right under the Data Protection Acts 1988 and 2003 and continues to do so under Article 15 of the General Data Protection Regulation (GDPR).
In preparation for the GDPR, my Department has undertaken a comprehensive readiness project which included ensuring continued compliant mechanisms are in place to allow people access to their personal information.
Any member of the public can access their own personal information processed by my Department. This right can be exercised by contacting my Department’s Data Protection Officer (DPO). Contact details and guidance on how to make a subject access request are available on www.dttas.gov.ie/dataprotection.
With regard to data protection resources in my Department, the Data Protection Unit comprises three staff including the DPO. In addition to this, a Departmental Working Group has been established with representatives from Divisions across my Department. The role of the Working Group is to work with the DPO in continuing to embed GDPR compliant practices across my Department. The DPO also has access to training and continued professional development through the Learning and Development HR function in my Department. Through such provision of resources, my Department is adhering to the requirements of Article 38(1) of the GDPR.
As the Deputy is aware, a Data Protection Impact Assessment (DPIA) is required under the GDPR when the processing of personal data is “likely to result in a high risk to the rights and freedoms of natural persons” and is particularly relevant where the proposed processing involves a new technology. My Department will conduct DPIAs on projects identified as requiring such assessments. Since 15th May my Department has not carried out any DPIA's.
Agencies under my Department’s remit are responsible for ensuring compliance with data subject rights, including the right of access. I have therefore sent your question on access to personal information to them for direct reply. If you have not received a response within 10 days please contact my private office.
