The European Union GDPR commences on the 25th May 2018. The GDPR provides for the consistent application of rules for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data across the EU member states.
The GDPR grants greater rights to you as an individual or “Data Subject”, and imposes greater responsibilities on GSOC as a “Data Controller”. One of the central requirements under the GDPR is for the collection of personal data to be lawful and fair. It should be clear to you that personal data concerning you is collected, used, consulted or otherwise processed, and to what extent that personal data is or will be processed. This page explains what information about you GSOC processes, why we process it, with whom we share it, and what your rights are with respect to your information.
GSOC has actively prepared for the introduction of the GDPR by reviewing what data we retain and how we process that data to ensure that we are legally compliant in how we handle and process personal data.
GSOC will shortly be publishing our updated Data Protection Policy on our website
GSOC will be providing training to all our staff in the coming months to ensure that they are fully informed of their responsibilities regarding GSOC’s use of your data.
GSOC will continue to work towards fully implementing our obligations under the GDPR. Over the coming months we will update this page to highlight the changes that we have implemented to ensure that data privacy and protection will be at the heart of all our functions.
Our Data Protection Officer is Louise O’Meara.
In order for processing to be lawful, personal data should be processed on the basis of your consent or some other legitimate basis. The Garda Síochána Act, 2005 (as amended) is the legislation that governs the functions of the Garda Síochána Ombudsman Commission (GSOC). Section 67 (2) of that Act outlines GSOC’s functions which are (in summary):
In order to perform our statutory functions, GSOC processes personal information about individual members of the public and individual garda members. GSOC collects and processes the following types of information:
GSOC may also collect personal data of a sensitive nature, as defined under the GDPR, including data such as,
Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties such as the Garda Síochána, independent witnesses, medical professionals or CCTV footage.
The categories of personal data we process and the legal bases for doing so will be set out in more detail later.
The information we hold or collect about you will be used for management and administrative purposes, to administer complaints, to decide if a complaint is admissible or not, to investigate or resolve complaints and for matters that involve alleged garda misconduct and for potential court or disciplinary proceedings in line with the Garda Síochána (Discipline) Regulations 2007.
GSOC is an employer also and processes the personal data of its staff and contracted service providers in order to run the organisation effectively and manage its employment relationship with staff.
Your information may be disclosed to third parties such as the Garda Síochána to enable us to effectively investigate complaints or where we are legally obliged to do so. For example, if we are investigating a complaint we may share personal information with the Garda Síochána in order to identify the garda members concerned. In order to fulfil our obligations as an employer, we share personal information with Peoplepoint and Payroll Shared Services.
More detailed information on how we share your personal data will be provided in our Data Protection Policy.
The Data Protection Acts 1998 and 2003 is the current legislation that governs your right as an individual—or data subject—to access your personal data. These Acts will shortly be replaced by a new Data Protection Bill. The Data Protection Bill provides that the processing of personal data shall be lawful where such processing is necessary for the performance of a statutory function of a controller of data. As already outlined GSOC’s functions are set out under section 67 of the Garda Síochána Act, 2005.
GSOC is a “Data Controller”. This means that GSOC has certain responsibilities in how we process and retain personal data. We must:
You have the following rights under data protection law, although your ability to exercise these rights may be subject to certain conditions:
GSOC is aware of our obligations as a data controller with primary responsibility for, and a duty of care towards, the personal data within our control. Our obligations are set out in the GDPR and associated Irish legislation.
Data subjects, whose personal data is held by GSOC, are entitled to ask and receive confirmation about whether or not personal data concerning them is being processed. Where that is the case, data subjects are entitled to access their personal data as well as certain information in relation the processing of that data. In certain cases, access may be delayed if GSOC decides that releasing the data at that time would negatively impact our investigation of a complaint or referral.
The subject access request should be made in writing, and should include sufficient information to identify you, to our reasonable satisfaction so we can verify that we are not releasing your data to someone who is impersonating you.
Access requests should be directed to email@example.com. Further information on how to make a request for access to your personal data is available on the ‘Make a personal data request’ page on this website.
GSOC will try to respond as quickly as possible and in any event without undue delay, but if we have not been able to complete our response to you within one calendar month we will update you about our progress.
This right to access your personal data is subject to very limited exemptions. GSOC is partially exempt from the duty to disclose in certain circumstances, including where such data is retained for the purposes of investigating criminal offences.
If you have any queries in relation to how your data is processed, please contact our Data Protection Officer, Ms Louise O’Meara at the details below.
Phone: 1890 600 800 (press 2 for Reception)
Address: GSOC, 150 Abbey Street Upper, Dublin 1, D01 FT73
GSOC also holds “Non-Personal Data”, such as numbers of complainants, statistical information about complaints or investigations and financial information. Non-personal data is not covered by the Data Protection Acts. For access to this type of information, you can make a request under the Freedom of Information Act 2014.
For further information on how to do that and to view our previous responses to requests, please visit here.