Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

192. To ask the Minister for Transport, Tourism and Sport if his Department is fully compliant with GDPR EU requirements, the EU network and Information Security Directive and standards with respect to his Department’s IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27348/21]

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

My Department is compliant with GDPR requirements. In accordance with Article 29 of the EU GDPR, Department of Transport staff only have access to data, including personal data, that is relevant to their role or their specific functional area. Access is controlled on a need to access basis and this is determined by their grade and/or role.

It would not be appropriate to disclose information which might assist criminals to identify potential vulnerabilities in Departmental cybersecurity arrangements and for that reason I will not elaborate further on operational security matters. I can confirm though that our technical staff continue to operate and monitor all relevant systems to the highest levels, and are closely engaged with experts in the OGCIO and the NCSC to ensure that we follow best practice as it relates to all aspects of Cybersecurity.

Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

193. To ask the Minister for Transport, Tourism and Sport if any state or semi state bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27367/21]

Eamon Ryan (Dublin Bay South, Green Party)
Link to this: Individually | In context | Oireachtas source

Compliance with GDPR requirements and information security requirements are an operational matter for the agencies. I have forwarded your question to the agencies under the aegis of my Department for direct response to you. If you do not receive a reply within 10 working days please contact my private office.