The Data Protection Acts 1988 and 2003 outline the legal obligations related to personal data held by Government Departments, Offices or Agencies. Under these acts, GSOC has certain responsibilities regarding processing and retention of data.
Under these Acts, GSOC is a “Data Controller”. This means that GSOC has certain responsibilities in how we process and retain personal data. We must:
This is data relating to a living person which identifies (or could identify) that person, either by itself or when put together with other information in GSOC’s possession (or likely to come into GSOC’s possession).
Under the Data Protection Acts, you have the right to request a copy of any information relating to you, which is kept by us, on a computer or in a manual filing system (or intended for such a system). However, GSOC is partially exempt from the duty to disclose in certain circumstances, including where such data is retained for the purposes of investigating criminal offences.
If you wish to make a request for access to your personal data, please do so through the make a personal data request page on this website.
GSOC also holds “Non-Personal Data”, such as numbers of complainants, statistical information about complaints or investigations and financial information. Non-personal data is not covered by the Data Protection Acts. For access to this type of information, you can make a request under the Freedom of Information Act 2014
The European Union GDPR directive is set to commence in May 2018. The GDPR will grant greater rights to an individual or “data subject”, and imposes greater responsibilities on “Data Controllers”. GSOC is actively preparing for the implementation of the GDPR directive.
Further information on the GDPR is available at the EUGDPR website