Leo Varadkar (Dublin West, Fine Gael) | Oireachtas source

I propose to take Questions Nos. 1 to 3, inclusive, together.

I am satisfied that the data protection measures in place in my Department are robust. There are secure policies and procedures in place for paper files and electronic data. All information and communication technology, ICT, systems operated within my Department are securely managed. Access to the systems is controlled through a variety of security measures, including industry-leading technologies which are regularly updated. My Department’s electronic records and files are held on a secure internal network. The network is connected to the Internet through the Government networks service, which is a private, managed, wide-area network connecting public service bodies on a data, voice and video-capable network.

The general data protection regulation, GDPR, comes into force on 25 May. The Department of Justice and Equality is responsible for transposing into Irish law those parts of the regulation for which member states have competence. The enacting legislation in Ireland, the Data Protection Bill, is starting Committee Stage in this House today. It is the Government’s intention to have the Bill enacted ahead of the 25 May deadline and I ask for support from all sides of the Oireachtas to ensure we meet that target.

An important priority for the Government has been to ensure that Irish organisations are ready for the GDPR when it comes into force. In addition to the awareness campaign of the Office of the Data Protection Commissioner, the Minister of State with responsibility for data protection, Deputy Pat Breen, has been involved in a range of activities to promote awareness and regularly meets business groups and representative bodies to ensure everyone is aware of their privacy rights and obligations under GDPR. This work will continue after 25 May.

As regards my Department's preparations for GDPR, a data protection officer has been appointed and has been meeting the various divisions in the Department, which are reviewing what personal data they receive, how they manage it and any scope for improvement.

A number of staff, including the DPO, have already attended training sessions on the GDPR and further training will be provided.

Separate from the data protection officer, the data protection unit, DPU, which is within the economic division of my Department supports the Minister of State with responsibility for data protection and contributes to a whole-of-government approach to the challenges arising from the increasing digitisation of modern life in association with significant increases in the amount of personal data generated. The data protection unit also acts as the secretariat to the interdepartmental committee on data issues which was established in 2015 to bring a whole-of-government perspective to data issues.

While compliance with the GDPR is a matter for each individual organisation, the committee has helped to raise awareness of the GDPR across the public service and received regular briefings from the Department of Justice and Equality on the legislation.

See this speech in context