v.26.04.2023
We fully respect your right to privacy. Any personal information which you provide to us will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts 1988-2018. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union. It came into force across the European Union on 25 May 2018. It replaces the previous data protection directive which has been in force since 1995 and forms the basis of our new data protection Irish laws (Data Protection Acts 1988-2018).
As an EU regulation, the GDPR does not generally require transposition into Irish law, as EU regulations have “direct effect”. In Ireland, we have introduced new legislation known as the Data Protection Act 2018 which was signed into law on 24 May 2018.
Among its provisions, the Act:
This new Act, together with the previous data protection legislation will be collectively known as the “Data Protection Acts 1988-2018”.
The Data Protection Acts 1988-2018 are designed to protect people’s privacy. The legislation confers rights on individuals in relation to the privacy of their personal data as well as responsibilities on those persons holding and processing such data.
Personal data means data relating to a person who is or can be identified either from the data itself or in conjunction with other information that is in, or is likely to come into, the possession of the department. It covers any information that relates to an identified or identifiable living individual. These data can be held on computers or in manual files.
Under the GDPR and Data Protection Acts 1988-2018, this department, as a Data Controller, has a legal responsibility to:
Our Data Protection Officer is Celyna Coughlan. She is responsible for all data protection matters for our department and its offices, including the Workplace Relations Commission (WRC), Labour Court, Companies Registration Office (CRO), Registry of Friendly Societies (RFS), Register of Beneficial Ownership (RBO) and the Intellectual Property Office of Ireland (IPOI).
You can contact our Data Protection Officer by emailing [email protected] or by telephone at 01 631 2398.
A data subject (“individual”) has the following rights under the GDPR and Data Protection Acts 1988-2018:
An individual can make a data protection access request by completing a Subject Access Request (SAR) form and sending it to:
Celyna Coughlan, Data Protection Officer, Department of Enterprise, Trade and Employment, Kildare Street, Dublin 2, D02 TD30.
Applications can also be sent by email to [email protected].
You must complete a Subject Access Request (SAR) form in order to request a copy of your own personal information from us. This form must be completed in full and sent to our Data Protection Officer. You will also need to supply us with adequate proof of identity as part of this process. You should try to be as specific as possible in identifying the personal information that you are seeking from us. Also, if possible, try to specify the areas of the department where you feel would be most relevant to your request. This will assist us in providing you with an effective and efficient service. The most efficient way for us to deal with your Subject Access Request (SAR) is to email us with a copy of your completed Subject Access Request (SAR) form and adequate proof of identity to [email protected].
If you need assistance with completing the Subject Access Request (SAR) form please contact Celyna Coughlan, our Data Protection Officer, at [email protected] or by telephone at 01 631 2398.
In general, there is no charge for individuals who seek access to their personal records under the Data Protection Acts and requests will be completed within one month.
In a small number of circumstances your right to access personal records can be limited. This is necessary in order to strike a balance between the rights of the individual, on the one hand, and some important needs of civil society, on the other hand.
Under the GDPR, each EU member state will have one or more independent public authorities responsible for monitoring the application of the regulation. In Ireland, under the Data Protection Act 2018, the Data Protection Commissioner has been replaced with a Data Protection Commission.
Each supervisory authority will:
Each authority will have the power to order any controller or processor to provide information that the authority requires to assess compliance with the regulation. The authority may carry out investigations of controllers and processors in the form of data audits, including accessing the premises of a controller or processor. The authority can order a controller or processor to change their processes, comply with data subject requests. The authority can also issue warnings to controllers and processors and can ban processing as well as commence legal proceedings against a controller or processor.
The GDPR will introduce a new European data protection supervisory authority. The European Data Protection Board will be responsible for ensuring that the GDPR is applied consistently across the European Union. The Board will issue guidelines and recommendations on the application of the regulation. The Board will also advise the EU Commission on the application of the regulation and any updates that may be required. The Board will be made up of the head of one supervisory authority of each EU member state and a European Data Protection supervisor.
The Data Protection Commission website offers an explanation of the rights and responsibilities under the Data Protection Acts.
Payoma Limited is authorised by the Financial Conduct Authority (FCA) under the Electronic Money Regulations 2011 (FCA register number 900217) for the issuing of electronic money.