Catherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

276. To ask the Tánaiste and Minister for Justice and Equality the changes he has made to allow access by persons to their own data held by his Department and bodies under its aegis following the introduction of GDPR; and if he will make a statement on the matter. [31475/18]

Catherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

278. To ask the Tánaiste and Minister for Justice and Equality the staffing complement and resources of his Department's data protection officer; and if he will make a statement on the matter. [31499/18]

Catherine Murphy (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

279. To ask the Tánaiste and Minister for Justice and Equality the data protection impact assessments his Department has commenced since 15 May 2018; and if he will make a statement on the matter. [31516/18]

Charles Flanagan (Laois, Fine Gael)
Link to this: Individually | In context | Oireachtas source

I propose to take Questions Nos. 276, 278 and 279 together.

As the Deputy will be aware, access by persons to their own data held by the Department of Justice and Equality and bodies under its aegis was previously provided for under the Data Protection Acts 1988 and 2003. In preparation for GDPR my Department reviewed and revised the existing Data Protection Policy and data subject access process to ensure alignment with the enhanced rights of the data subject provided for by GDPR. In order to ensure greater transparency and accessibility for data subjects, the revised Policy, as well as specific guidance on making a Subject Access Request is posted on the DJE website. I have asked agencies under my Department's aegis who operate their own data protection policy and subject access arrangements to reply directly to the Deputy on this matter.

A Data Protection Officer (at Principal Officer level) heads up the Department's Data Protection Support and Compliance Office (DPSCO), along with 6 additional staff members (1 Assistant Principal Officer, 3 Higher Executive Officers, 1 Executive Officer and 1 Clerical Officer).  The role of the DPSCO is to provide leadership and support to Department staff to ensure compliance with data protection legislation. The DPSCO has access to counsel (nominated by the Attorney General) for specific legal advice in relation to the application of the legislation to various aspects of the Department's remit.

In relation to Data Protection Impact Assessments (DPIA),  I note that Article 35 of the General Data Protection Regulation 2018 (GDPR) requires that a DPIA be carried out where 'a type of processing in particular using new technologies' is identified as 'likely to result in a high risk to the rights and freedom of natural persons'. My Department, in consultation with the Data Protection Officer, has developed a DJE specific DPIA process which is being rolled out to all Divisions involved in processing personal data.  DPIAs are currently ongoing in relation to inter agency systems in development in the justice sector.