Mr. Cathal Ryan:

We are looking at the whole vetting procedure and at what is and is not disclosed, and we are looking to update guidelines in line with the GDPR provisions on Article 10 data, which relates to allegations of criminal activity and offences.

We look at subject access requests following a complaint or through an audit. We can look at the individual complaint and ask what information is not being shared and we can carry out an inspection to determine whether the test for non-disclosure of the full set of data was applied correctly. In the past, gardaí may not have disclosed certain information that could have prejudiced the investigation of a case. We have to look at what data are not being disclosed and make a determination on that. It is difficult to do so without the necessary knowledge.

The Garda Síochána has a very good data protection unit, which was set up following the GDPR. Internally, the unit would need to oversee how requests are being handled. It would not be one individual garda who would make the call and it would have to go through a certain procedure.