All personal data processed by the Department of Culture, Heritage and the Gaeltacht will take place in accordance with the law on data protection and will only be for the purposes connected to the functions of this Department.
Department staff are also considered customers of the Department from a data protection perspective and may exercise their data protection rights in the same way.
The Department is fully committed to keeping all personal data submitted by its customers, fully safe and secure during administrative processes. All necessary technical measures have been put in place to ensure the safety and security of the systems which hold this data.
Data Protection information will be updated on this page from time to time.
The current legislation for Data Protection in Ireland is the Data Protection Act 1988 as amended by the 2003 Data Protection Act. The General Data Protection Regulations (EU 2016/679) will come into effect on 25 May 2018.
Who is the Data Controller?
The Data Controller for the collection and processing of all personal data in the Department of Culture, Heritage and the Gaeltacht is the Department itself.
How do I contact the Data Protection Officer?
The Data Protection Officer can be contacted as follows:
Data Protection Officer
Department of Culture, Heritage and the Gaeltacht
23 Kildare Street
Data Protection Policy
The Department’s Data Protection Policy can be found here.
What are my rights under Data Protection legislation?
When you, as a customer, provide personal data to the Department, you have certain rights available to you in relation to that data. However, it should be noted that not all rights listed shall be applicable in every circumstance. These rights are outlined below and can be exercised by contacting the Data Protection Officer, as detailed above, indicating which right(s) you wish to exercise:
- Access to your personal data – click here for information on the right to access, including how to submit a Subject Access Request;
- Rectification of your personal data;
- Data portability;
- Restriction of the processing of your personal data;
- Objection to the processing of your personal data;
- Withdrawing consent if previously given to the processing of your personal data;
- Erasure of your personal data;
- Right to lodge a complaint with the Supervisory Authority (Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois R32 AP23 – dataprotection.ie);
Are there any restrictions?
Yes – Section 61(1) allows for restrictions on the exercise of the rights of data subjects where processing is for archiving purposes in the public interest. The rights of a data subject set out in Articles 15 (right of access), 16 (right to rectification), 18 (right to restrictions of processing), 19 (right to notification of rectification, erasure or restriction of processing of personal data), 20 (right to data portability), and 21 (right to object) of the GDPR are restricted to the extent that:
- the exercise of any of those rights would be likely to render impossible, or seriously impair, the achievement of those purposes, and
- such restriction is necessary for the fulfilment of those purposes.
Where processing is taking place at the same time for any other purpose, other than archiving purposes in the public interest, these restrictions will only apply to processing for archiving purposes in the public interest.
Where will my personal information be shared?
At all times, your personal data will only be shared where there is a valid legal basis to do so and in accordance with the appropriate Data Protection legislation.
Parliamentary Questions and Representations from Public Representatives
In replying to Parliamentary Question requests, all personal information is taken out of the reply which later goes to form the public record.
Information processed for this purpose will only be retained for as long as there is a business need to do so and thereafter will be marked for deletion and will be destroyed in line with internal guidelines or guidelines for destruction received from the National Archives of Ireland or associated permissions received from them.
Anonymising or pseudonymising personal data
Where possible, the Department may anonymise or pseudonymise (mask) personal data so that the personal data will only be available to those who have a clear business need to see it.
Technical information on data collected
Technical information on the cookies used on our Department’s website is available here.
Record of Processing Activities (ROPA)
The General Data Protection Regulations (GDPR) came into force in May 2018, in which Article 30 included a requirement for all public bodies to produce a Record of Processing Activities, or a ROPA.
This document is an inclusive and non-exhaustive list of the processes undertaken by sections within the Department that utilise personal data; by nature it takes the form of a living document, which will be updated regularly with changes and amendments. If you have any queries regarding specific processes which utilise personal data that are not covered by this document, please contact the Data Protection Officer, as detailed above.