In order to perform our statutory functions, GSOC is required to process significant amounts of personal data within the meaning of the General Data Protection Regulation (GDPR), the Law Enforcement Directive (LED) and the Data Protection Act 2018 (“Applicable Data Protection Legislation”). The Applicable Data Protection Legislation grants greater rights to you as an individual or “Data Subject”, and imposes greater responsibilities on GSOC as a “Data Controller”. Because we decide the purposes and means of the processing personal data, GSOC is a Data Controller.
One of the central requirements under the Applicable Data Protection Legislation is for the collection of personal data to be lawful and fair. It should be clear to you that personal data concerning you is collected, used, consulted or otherwise processed, and to what extent that personal data is or will be processed. This page explains what information about you GSOC processes, why we process it, with whom we share it, and what your rights are with respect to your personal information.
1. Policies and compliance
Our Data Protection Policy sets out how GSOC obtains, processes and retains personal data. This policy is available here. The retention periods for each different type of file or record that contains personal data are listed here.
GSOC will be providing training to all our staff in the coming months to ensure that they are fully informed of their responsibilities regarding GSOC’s use of your data.
GSOC will continue to work towards fully implementing our obligations under the Applicable Data Protection Legislation. Over the coming months we will update this page to highlight the changes that we have implemented to ensure that data privacy and protection will be at the heart of all our functions.
2. What is GSOC’s legal basis for processing personal data?
In order for processing to be lawful, personal data should be processed on the basis of your consent or some other legitimate basis. The Garda Síochána Act, 2005 (as amended) is the legislation that governs the functions of the Garda Síochána Ombudsman Commission (GSOC). Section 67 (2) of that Act outlines GSOC’s functions which are (in summary):
- to receive complaints made by members of the public concerning the conduct of gardaí and investigate those complaints,
- to report the results of those investigations to the Director of Public Prosecutions or the Garda Commissioner which may involve sending a copy of the investigation file to either or both;
- to examine and investigate matters concerning the conduct of gardaí which may have resulted in the death or serious harm to a person;
- to examine practices, policies and procedures of the Garda Síochána, for the purpose of preventing complaints arising or reducing incidences of complaints.
GSOC will not use or disclose personal data for purposes other than in compliance with, and in discharge of, our functions.
3. What data does GSOC collect about you?
In order to perform our statutory functions, GSOC processes personal information about individual members of the public and individual garda members. GSOC collects and processes the following types of information:
- Email address
- Date of Birth
- Garda rank
- Garda registration number
- Name of next of kin
- Phone numbers
GSOC may also collect personal data of a sensitive nature, as defined under the Applicable Data Protection Legislation, including data such as,
- racial or ethnic origin, through our questionnaires.
- genetic and biometric data for the purpose of uniquely identifying a natural person, which may be collected for the purposes of a criminal investigation.
- data concerning health, including medical records or injury photographs, which may be collected for the purposes of investigating a complaint.
Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties such as the Garda Síochána, independent witnesses, medical professionals or CCTV footage.
4. How will your personal data be used by GSOC?
The information we hold or collect about you will be used for management and administrative purposes, to administer complaints, to decide if a complaint is admissible or not, to investigate or resolve complaints or matters that involve alleged garda misconduct and for potential court or disciplinary proceedings in line with the Garda Síochána (Discipline) Regulations 2007.
GSOC is an employer also and processes the personal data of its staff and contracted service providers in order to run the organisation effectively and manage its employment relationship with staff.
5. Who does GSOC share personal information with?
Your information may be disclosed to third parties such as the Garda Síochána to enable us to effectively investigate complaints or where we are legally obliged to do so. For example, if we are investigating a complaint we may share personal information with the Garda Síochána in order to identify the garda members concerned. In order to fulfil our obligations as an employer, we share personal information with Peoplepoint and Payroll Shared Services.
More detailed information on how we share your personal data will be provided in our Data Protection Policy.
6. What are GSOC’s responsibilities when processing or collecting your personal data?
This means that GSOC has key responsibilities under the Applicable Data Protection Legislation, which are to ensure that personal data is:
- Processed in a way that is lawful, fair and transparent
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and is limited to what is necessary
- Accurate and kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- Processed in a manner that ensures appropriate security of the data
GSOC must also be able to show how we are complying with these principles.
7. What are your data protection rights?
You have the following rights under the Application Data Protection Legislation, although your ability to exercise these rights may be subject to certain conditions:
- The right to receive a copy of and/or access the personal data that we hold about you together with other information about our processing of that personal data
- The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete
- The right, in certain circumstances, to request that we erase your personal data
- The right, in certain circumstances, to request that we no longer process your personal data the way in which we process it
- The right, in certain circumstances, to transfer your personal data to another organisation
- The right to object to automated decision making and/or profiling and
- The right to complain to the Data Protection Commissioner
If you wish to know more about your data protection rights please visit the Data Protection Commission (DPC) website here.
8. How do you access your personal data?
To make an access request you should contact us at firstname.lastname@example.org and tell us exactly what information you are seeking to access. We need your request in writing and you should include enough information to identify you, to our reasonable satisfaction so we can verify that we are not releasing your data to someone who is impersonating you.
Further information on how to make a request for access to your personal data is available on the ‘Make a personal data request’ page on this website, here.
GSOC will try to respond as quickly as possible but if we have not been able to complete our response to you within one calendar month we will update you about our progress.
9. Further information and concerns
If you have any queries in relation to how your data is processed, please contact our Data Protection Officer, Ms Pauline Byrne at the details below.
Phone: 1818 600 800 (press 2 for Reception)
Address: GSOC, 150 Abbey Street Upper, Dublin 1, D01 FT73
You can also raise a concern with the DPC about how GSOC has handled your personal data. Please visit the DPC website here.
10. Non-Personal Data
GSOC also holds Non-Personal Data, such as numbers of complainants, statistical information about complaints or investigations and financial information. Non-personal data is not covered by the Data Protection Acts. For access to this type of information, you can make a request under the Freedom of Information Act 2014, here. For further information on how to do that and to view our previous responses to requests, please visit here.