In order to perform our statutory functions, GSOC is required to process significant amounts of personal data within the meaning of the General Data Protection Regulation (GDPR), the Law Enforcement Directive (LED) and the Data Protection Act 2018 (“Applicable Data Protection Legislation”). The Applicable Data Protection Legislation grants greater rights to you as an individual or “Data Subject”, and imposes greater responsibilities on GSOC as a “Data Controller”. Because we decide the purposes and means of the processing personal data, GSOC is a Data Controller.
One of the central requirements under the Applicable Data Protection Legislation is for the collection of personal data to be lawful and fair. It should be clear to you that personal data concerning you is collected, used, consulted or otherwise processed, and to what extent that personal data is or will be processed. This page explains what information about you GSOC processes, why we process it, with whom we share it, and what your rights are with respect to your personal information.
Our Data Protection Policy sets out how GSOC obtains, processes and retains personal data. This policy is available here. The retention periods for each different type of file or record that contains personal data are listed here.
GSOC will be providing training to all our staff in the coming months to ensure that they are fully informed of their responsibilities regarding GSOC’s use of your data.
GSOC will continue to work towards fully implementing our obligations under the Applicable Data Protection Legislation. Over the coming months we will update this page to highlight the changes that we have implemented to ensure that data privacy and protection will be at the heart of all our functions.
Our Data Protection Officer is Louise O’Meara, available at email@example.com or 1890 600 800.
In order for processing to be lawful, personal data should be processed on the basis of your consent or some other legitimate basis. The Garda Síochána Act, 2005 (as amended) is the legislation that governs the functions of the Garda Síochána Ombudsman Commission (GSOC). Section 67 (2) of that Act outlines GSOC’s functions which are (in summary):
GSOC will not use or disclose personal data for purposes other than in compliance with, and in discharge of, our functions.
In order to perform our statutory functions, GSOC processes personal information about individual members of the public and individual garda members. GSOC collects and processes the following types of information:
GSOC may also collect personal data of a sensitive nature, as defined under the Applicable Data Protection Legislation, including data such as,
Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties such as the Garda Síochána, independent witnesses, medical professionals or CCTV footage.
The information we hold or collect about you will be used for management and administrative purposes, to administer complaints, to decide if a complaint is admissible or not, to investigate or resolve complaints or matters that involve alleged garda misconduct and for potential court or disciplinary proceedings in line with the Garda Síochána (Discipline) Regulations 2007.
GSOC is an employer also and processes the personal data of its staff and contracted service providers in order to run the organisation effectively and manage its employment relationship with staff.
Your information may be disclosed to third parties such as the Garda Síochána to enable us to effectively investigate complaints or where we are legally obliged to do so. For example, if we are investigating a complaint we may share personal information with the Garda Síochána in order to identify the garda members concerned. In order to fulfil our obligations as an employer, we share personal information with Peoplepoint and Payroll Shared Services.
More detailed information on how we share your personal data will be provided in our Data Protection Policy.
This means that GSOC has key responsibilities under the Applicable Data Protection Legislation, which are to ensure that personal data is:
GSOC must also be able to show how we are complying with these principles.
You have the following rights under the Application Data Protection Legislation, although your ability to exercise these rights may be subject to certain conditions:
If you wish to know more about your data protection rights please visit the Data Protection Commission (DPC) website here.
To make an access request you should contact us at firstname.lastname@example.org and tell us exactly what information you are seeking to access. We need your request in writing and you should include enough information to identify you, to our reasonable satisfaction so we can verify that we are not releasing your data to someone who is impersonating you.
Further information on how to make a request for access to your personal data is available on the ‘Make a personal data request’ page on this website, here.
GSOC will try to respond as quickly as possible but if we have not been able to complete our response to you within one calendar month we will update you about our progress.
If you have any queries in relation to how your data is processed, please contact our Data Protection Officer, Ms Louise O’Meara at the details below.
Phone: 1890 600 800 (press 2 for Reception)
Address: GSOC, 150 Abbey Street Upper, Dublin 1, D01 FT73
You can also raise a concern with the DPC about how GSOC has handled your personal data. Please visit the DPC website here.
GSOC also holds Non-Personal Data, such as numbers of complainants, statistical information about complaints or investigations and financial information. Non-personal data is not covered by the Data Protection Acts. For access to this type of information, you can make a request under the Freedom of Information Act 2014, here. For further information on how to do that and to view our previous responses to requests, please visit here.