The EU General Data Protection Regulation (GDPR) came into direct legal effect in all EU member states, including Ireland, on 25 May 2018.
Under GDPR, personal data is defined “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person“.
Everyone has rights with regard to how their personal data is handled. The NSSO recognises the need to treat this data in an appropriate and lawful manner. The NSSO is committed to complying with its obligations in this regard and in respect of all personal data.
The NSSO, while a controller of its own staff and corporate functions, primarily operates as a processor providing services to other public service bodies. As such the legal obligations on the NSSO as a processor are different to that of a controller.
Our Data Protection Policy addresses these issues and gives a comprehensive list of our data related policies, including the NSSO’s ‘Subject Access Request’ obligations.
The policy will be regularly updated to reflect evolving processes.