Alan Kelly (Tipperary North, Labour)
Link to this: Individually | In context | Oireachtas source

50. To ask the Minister for Public Expenditure and Reform when his Department officials last met with the Data Protection Commissioner to ensure the highest standards are being met by the Department, and all agencies under its remit, in terms of compliance with data protection legislation. [14446/25]

Jack Chambers (Dublin West, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

My Department recognises the need to treat all personal data in an appropriate and lawful manner and is committed to complying with its obligations in this regard to the highest standard. The Department has recently been assigned a primary point of contact in the Data Protection Commission. The Data Protection Officer for the Department met with this contact, along with the Deputy Commissioner responsible for supervision of the public sector, earlier this month. Both the Department and the Data Protection Commission will continue to work together in the future to help pre-empt data protection issues before they arise and better protect the fundamental rights of data subjects.

With regard to bodies under the aegis of my Department, these bodies are responsible for their own compliance with data protection where they act as a data controller. Where an agency acts as a data processor on behalf of the Department, a controller processor agreement is made between the Department and the agency, outlining the respective responsibilities, and compliance with these obligations are monitored by the Department.

I am advised that the position for bodies under the aegis of my Department is as follows below.

National Shared Services Office

The NSSO has ongoing communication with the DPC in its role both as a processor of Civil Service data and as a controller of NSSO data. The NSSO Data Protection Officer keeps track of DPC guidance notes and case studies to ensure the organisation is kept fully informed of any relevant changes in procedure. The DPO is also a member of the Civil Service DPO network, which receives regular updates from the DPC. The DPC most recently presented to the network in December 2024.

Office of the Ombudsman

The Office of the Ombudsman last met with the Data Protection Commissioner on 3 August 2023.

State Laboratory

Staff with responsibility for this area have completed the Civil Service Data Officer training and are active members of the Data Officer Network. The DPC had active engagement with that training.

Public Appointments Service

PAS engages with the DPC as required in relation to our statutory reporting. PAS has not met with the DPC to ensure the highest standards are being met in terms of compliance with data protection legislation as they were unaware that the DPC offer an advisory service in relation to this. PAS has a DPO in place with a support team and one of its key organisational priorities is to ensure the highest standards are being met in terms of compliance with data protection legislation. PAS regularly report to its Executive Team, Audit Committee and the Board of the Public Appointments Service on the area of data protection and are satisfied that they have the appropriate policies, processes and training in place in relation to this key area.

Office of the Regulator of the National Lottery

ORNL has not met with the Data Protection Commissioner in terms of compliance with data protection legislation.

Office of Public Works

The Office of Public Works last met with the Data Protection Commissioner on 26 February 2025.