Written answers
Thursday, 20 May 2021
Department of Housing, Planning, and Local Government
Data Protection
Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source
246. To ask the Minister for Housing, Planning, and Local Government if his Department is fully compliant with GDPR EU requirements, the EU network and Information Security Directive and standards with respect to his Department’s IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27342/21]
Darragh O'Brien (Dublin Fingal, Fianna Fail)
Link to this: Individually | In context | Oireachtas source
In accordance with the requirements of the General Data Protection Regulation (GDPR), my Department has implemented a range of appropriate organisational and technical measures to safeguard privacy and protect personal information. These measures include the ability to ensure the ongoing confidentiality, integrity and availability of systems and services.
Since the coming into effect of the GDPR in May 2018, my Department has taken a number of steps to establish a comprehensive compliance framework. A dedicated Data Protection Officer (DPO), as required under Article 37 of the Regulation, has been appointed. The DPO leads a Data Protection Unit (DPU) and Information Officers have also been identified across the Department to assist with ensuring data protection compliance.
The DPU has been rolling out a programme of work over the past three years, which includes providing assistance to business units in addressing any potential data protection risks. The Unit has developed a GDPR e-Learning Programme for staff, to help raise awareness and provide training to staff on compliance with the legislation. Articles 28 and 29 of the GDPR set out the requirements for data controllers and data processors in relation to the processing of personal data on behalf of the controller. The DPU works with business units on an ongoing basis to advise on the requirements of the articles, including entering into legally binding contracts governing the processing and security of personal data.
My Department uses the principle of least privilege access in line with industry best practises and guidance and advisories issued by the Office of the Government Chief Information Office (OGCIO) and the National Cyber Security Centre (NCSC) of the Department of Communications, Climate Action and Environment (DCCAE). IT staff are only given access which is essential to perform the tasks and duties associated with their roles and responsibilities. IT staff with privileged user accounts are reviewed and monitored on a regular basis.
Fergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source
247. To ask the Minister for Housing, Planning, and Local Government if any state or semi state bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27361/21]
Darragh O'Brien (Dublin Fingal, Fianna Fail)
Link to this: Individually | In context | Oireachtas source
The State bodies under the aegis of my Department are expected to be compliant with all relevant statutory requirements, including those arising from EU Directives and Regulations. My Department does not routinely monitor such compliance.
Further information in relation to these matters may be obtained by contacting the dedicated e-mail addresses for members of the Oireachtas in respect of the State bodies under the aegis of my Department, as set out in tabular form below.
State Body | Contact E-mail Address |
---|---|
An Bord Pleanála | oireachtasqueries@pleanala.ie |
An Fóram Uisce (the Water Forum) | info@nationalwaterforum.ie |
Approved Housing Bodies Regulatory Authority | oireachtasqueries@ahbregulator.ie |
Docklands Oversight and Consultative Forum | infodocklands@dublincity.ie |
Ervia | oireachtas@ervia.ie |
Gas Networks Ireland | oireachtas@ervia.ie |
Heritage Council | oireachtas@heritagecouncil.ie |
Housing Finance Agency | oireachtas.enquiries@hfa.ie |
Housing and Sustainable Communities Agency | publicreps@housingagency.ie |
Irish Water | oireachtasmembers@water.ie |
Land Development Agency | oireachtas@lda.ie |
Local Government Management Agency | corporate@lgma.ie |
National Oversight and Audit Commission | info@noac.ie |
National Traveller Accommodation Consultative Committee | ntacc@housing.gov.ie |
Office of the Planning Regulator | oireachtas@opr.ie |
Ordnance Survey Ireland | Oireachtas@osi.ie |
Property Registration Authority | reps@prai.ie |
Pyrite Resolution Board | oireachtasinfo@pyriteboard.ie |
Residential Tenancies Board | OireachtasMembersQueries@rtb.ie |
Valuation Office | oireachtas.enquiries@VALOFF.ie |
Valuation Tribunal | info@valuationtribunal.ie |
Water Advisory Body | info@wab.gov.ie |
Waterways Ireland | ceoffice@waterwaysireland.org |
No comments