My Department, when processing personal data of any nature, adheres to the principles enshrined in the General Data Protection Regulation (GDPR). My Department has put in place comprehensive technical and organisational measures in order to ensure and demonstrate that its processing of personal data fully complies with data protection law. The integrity and confidentiality of personal data is ensured through robust security policies and systems. Appropriate Data Processor agreements are in place with relevant data processors in line with the requirements in Article 29 of GDPR. The statutory supervisory authority overseeing this compliance is the Data Protection Commission.
The information in respect of state bodies, within the scope of the Deputy’s question, is not held by my Department. Under the GDPR, data controllers are responsible for compliance with data protection law in respect of the personal data which they process. State bodies and agencies are accordingly directly responsible for compliance in their own right under the legislation. Contact details for these bodies are set out in the attached document, should the Deputy wish to contact the aegis bodies directly with his query.
The National Cyber Security Centre (NCSC), which is located within the Department of Communications, Climate Action and Environment, is the primary cyber security authority in the State. The NCSC provides a range of cybersecurity services to operators of Critical National Infrastructure, Government Departments and Agencies.
My Department's cyber security protocols are supported by the work of the NCSC and the national computer security incident response team, CSIRT, which provides early warnings, alerts, announcements and dissemination of information about risk and incidents to my Department.
For operational and security reasons, my Department has been advised by the NCSC not to disclose details of systems and processes which could in any way compromise my Department’s information security posture. In particular, it is not considered appropriate to disclose any information which might assist malicious actors to identify potential vulnerabilities or to disclose operational security matters.
Contacts