Written answers

Thursday, 20 May 2021

Department of Agriculture, Food and the Marine

Data Protection

Photo of Fergus O'DowdFergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

379. To ask the Minister for Agriculture, Food and the Marine if his Department is fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to his Department's IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27333/21]

Photo of Charlie McConalogueCharlie McConalogue (Donegal, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

The GDPR (General Data Protection Regulation) is an EU Regulation which governs data protection law for EU member states. It came into operation in May 2018 and the Department continuously works towards full compliance with the requirements of the GDPR.

Many procedures and processes have been introduced since that time in order to comply with the GDPR requirements including :

- Appointment of a Data Protection Officer - Article 37 of GDPR

- Data breach reporting to the Data Protection Commission (DPC) – Article 33 of GDPR

- Processing of Subject Access Requests – Article 15 of GDPR

- Compilation of a Record of Processing Activities – Article 30 of GDPR

- Examination of data transfers to third countries – Articles 44-49 of GDPR

- Undertaking Data Protection Impact Assessments – Article 35 of GDPR

- Increasing awareness of data protection and information security – Article 32 of GDPR

Procedures in relation to the use of Data Processors, under Article 29 of the GDPR, have been incorporated into revised template contracts, updated by the Office of Government Procurement in 2018, for use by all Government Departments. Data Processors are only provided with access to information that they specifically need to carry out their contracts. Confidentiality in relation to this information is provided for in the written contract.

The Department is also fully ISO 27001 certified and annex 9 is included in the statement of applicability for that certification.

Photo of Fergus O'DowdFergus O'Dowd (Louth, Fine Gael)
Link to this: Individually | In context | Oireachtas source

380. To ask the Minister for Agriculture, Food and the Marine if any state or semi state bodies which report to his Department are fully compliant with GDPR EU requirements and the EU network and Information Security Directive and standards with respect to their IT infrastructure including article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 annex 9 standards on privileged access are fully met; and if he will make a statement on the matter. [27351/21]

Photo of Charlie McConalogueCharlie McConalogue (Donegal, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

As regards the twelve State Bodies under the aegis of the Department, the information requested is an operational matter for the State Bodies themselves.

I have therefore referred the Deputy’s question to the Agencies and have requested that a response should issue within 10 days.

Comments

No comments

Log in or join to post a public comment.