FAQs
How can I contact the DPC?
If you wish to contact the Data Protection Commission (DPC) in relation to your data protection rights, you can do so by submitting a webform, by sending an email, by post or by telephone.
FAQs
How do I make a privacy policy?
A data protection notice (also known as “privacy policy”) is an accountability tool that helps a data controller demonstrate that it is compliant with data protection law, in particular in respect of its obligations under the transparency principle (Articles 12 to 14 of the General Data Protection Regulation (GDPR)), and to fulfil the right of data subjects to receive certain information in relation to a data controller’s processing operations.
FAQs
What is the role of the DPC?
The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding the fundamental right of individuals in the European Union (EU) to have their personal data protected. Accordingly, the DPC is the Irish supervisory authority responsible for monitoring the application of the General Data Protection Regulation (GDPR), and it also has functions and powers related to other regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive (LED).
FAQs
What is the position regarding official photography of children at school events?
Schools often take photographs or hire photographers to attend school-related events to capture important occasions. Again, there are six legal bases for processing personal data under the General Data Protection Regulation (GDPR), and schools must ensure they can rely on one of these legal bases before they can process the personal data.
FAQs
Can a financial institution ask for my PPSN when I am opening a new account?
The lawful basis to seek a Personal Public Service Number (PPSN) is provided for under Article 6(1)(c) and (e) of the General Data Protection Regulation (GDPR) where legislation has been enacted under Regulations under S.I. No. 136 of 2008 entitled Return of Payments (Banks, Building Societies, Credit Unions and Savings Banks) Regulations 2008.
FAQs
How long should personal data be held to meet the obligations imposed by the GDPR?
Data controllers are obliged to process personal data in accordance with the storage limitation principle, meaning that personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. If the purpose for which the information was obtained has ceased and the personal information is no longer required, the data must be deleted or disposed of in a secure manner.
FAQs
What is the difference between FOI and Data Protection?
The main function of Freedom of Information (FOI) is to enable the public have access to information used, produced or held by public bodies.
FAQs
What powers does the Data Protection Commissioner have?
The Data Protection Commissioner has a broad range of powers to enforce the data protection rights of individuals and to monitor compliance with data protection obligations of data controllers and data processors.
FAQs
Does the GDPR apply to deceased persons?
The General Data Protection Regulation (GDPR) does not apply to the personal data of deceased persons. Therefore, if the issue relates to the personal data of a deceased individual, the DPC will not be in a position to progress this matter for you on your behalf as it falls outside data protection law.
FAQs
What is the household exemption?
Data protection law does not apply to the processing of personal data where the personal data is kept by an individual and is concerned solely with the management of his/her personal, family or household affairs or kept by an individual for recreational purposes (Article 2(2)(c) of the General Data Protection Regulation (GDPR)).