Data Protection Acts


The Data Protection Acts 1988 and 2003 outline the legal obligations related to personal data held by Government Departments, Offices or Agencies. Under these acts, GSOC has certain responsibilities regarding processing and retention of data.

Under these Acts, GSOC is a “Data Controller”. This means that GSOC has certain responsibilities in how we process and retain personal data.  We must:

  • Obtain and process information fairly
  • Keep it only for one or more specified, explicit and lawful purposes
  • Use and disclose it only in ways compatible with these purposes
  • Keep it safe and secure
  • Keep it accurate, complete and up-to-date
  • Ensure that it is adequate, relevant and not excessive
  • Retain it for no longer than is necessary for the purpose or purposes
  • Give a copy of his/her personal data to an individual, on request

Types of data held by GSOC

Personal Data

This is data relating to a living person which identifies (or could identify) that person, either by itself or when put together with other information in GSOC’s possession (or likely to come into GSOC’s possession).

For example:

  • Name
  • Address
  • Email address
  • Date of Birth
  • Gender
  • Ethnicity
  • Garda rank
  • Garda registration number
  • Name of next of kin
  • Phone numbers

Under the Data Protection Acts, you have the right to request a copy of any information relating to you, which is kept by us, on a computer or in a manual filing system (or intended for such a system). However, GSOC is partially exempt from the duty to disclose in certain circumstances, including where such data is retained for the purposes of investigating criminal offences.

If you wish to make a request for access to your personal data, please do so through the make a personal data request page on this website.

Non-Personal Data

GSOC also holds “Non-Personal Data”, such as numbers of complainants, statistical information about complaints or investigations and financial information. Non-personal data is not covered by the Data Protection Acts. For access to this type of information, you can make a request under the Freedom of Information Act 2014

EU General Data Protection Regulation (GDPR)

The European Union GDPR directive is set to commence in May 2018.  The GDPR will grant greater rights to an individual or “data subject”, and imposes greater responsibilities on “Data Controllers”.  GSOC is actively preparing for the implementation of the GDPR directive.

Further information on the GDPR is available at the EUGDPR website