Data Protection

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and replaced previous data protection laws in the European Union.

The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations.

Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

The GDPR is based on the core principles of data protection which existed under previous law. These principles require organisations and businesses to:

  • collect no more data than is necessary from an individual for the purpose for which it will be used
  • obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
  • retain the data for no longer than is necessary for that specified purpose
  • keep data safe and secure
  • provide an individual with a copy of his or her personal data if they request it

How to make a GDPR request
If you wish to obtain details about personal data that this department may be processing relating to you then please download the Subject Access Request form by clicking on the link below.

Subject Access Request Form

Please return the completed form, either by post to:
Data Protection Officer,
Department of Rural and Community Development,
Trinity Point,
10-11 Leinster Street South
Dublin 2,
D02 EF85

Or by email to: dataprotectionunit@drcd.gov.ie

What information can I obtain with a GDPR request?
Under the GDPR individuals have the significantly strengthened rights to:

  • obtain details about how their data is processed by an organisation or business
  • obtain copies of personal data that an organisation holds on them
  • have incorrect or incomplete data corrected. If you think that your personal data is not accurate or relevant you can contact us either in writing or by email. You should set out clearly the personal data involved and the reasons why you consider it to be inaccurate and or irrelevant.
  • have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
  • obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
  • object to the processing of their data by an organisation in certain circumstances
  • not to be subject to (with some exceptions) automated decision making, including profiling

When will I receive a reply?
You will receive an acknowledgement letter from us once we have verified that your Subject Access Request form is fully completed and when we have also verified your identity based on the documentation you provide. We will reply to requests within a calendar month but we do reserve the right to extend that deadline by up to two months if the request is complex or if we are processing numerous requests at that time. In such cases we will notify you of the requirement to extend the deadline within a month of receiving the request and we will provide a reason for the delay.

How much does it cost to make a GDPR request?
If the Subject Access Request is either unfounded, excessive or repetitive the Department will charge for dealing with the request by levying a fee to take into account the administrative costs of providing the information. In all other cases the service is free of charge.

Data Protection Policy
The Department’s Data Protection Policy can be downloaded by clicking on the below link:

DRCD Data Protection Policy

Where can I find more information regarding Data Protection?
More comprehensive information on GDPR can be found on the Data Protection Commissioner’s website: www.dataprotection.ie