Introduction
Data protection aims to regulate the collection, processing, keeping, disposal and disclosure of personal data. The current legislative framework governing this area is contained in the General Data Protection Regulation (GDPR) which came into effect in every member state across the European Union on 25th May 2018 and the Data Protection Act 2018 which gives further effect to this Regulation. This legislative framework defines personal data as any information relating to an identified or identifiable natural person. It applies to personal data held in physical and electronic format by private and public organisations. It imposes responsibilities on those who control personal data (controllers) and those who process personal data (processors). It also confers rights on individuals in relation to their own personal data (data subjects).
GDPR Principles
The following principles underpin all of Carlow County Council’s data protection processes, practices and procedures:
- Lawfulness, Fairness and Transparency: Carlow County Council will ensure that the personal data it collects from data subjects is obtained lawfully, fairly and in a transparent manner.
- Purpose Limitation: It will clearly communicate to data subjects the purposes for obtaining their personal data and take measures to ensure that the processing of their personal data is limited to the purposes for which it was obtained.
- Data Minimisation: It will put in place measures to ensure that the personal data held by it is proportionate for the specified purpose that it was obtained.
- Accuracy: It will implement measures to ensure that errors in personal data are identified, reported and corrected in as timely a manner as possible.
- Storage Limitation: It will retain personal data for no longer than is necessary.
- Integrity & Confidentiality. It will maintain the highest standards of technical and organisational security measures to protect personal data.
- Accountability: It will actively monitor and govern the management of all personal data that it controls.
Further details on how Carlow County Council will give effect to these principles are contained in its Corporate Data Protection Policy.
Data Subject Rights
Data subjects have the following rights:
- The right to be informed;
- The right of access;
- Right to the rectification of inaccurate or incomplete personal data;
- The right to erasure (also known as the ‘right to be forgotten’) of personal data;
- The right to portability;
- The right to object to the processing of personal data;
- The right of restriction to the processing of personal data;
- Rights in relation to automated decision making, including profiling.
Further details on these rights and how data subjects may exercise their rights are contained in Carlow County Council’s Data Subject Rights – Policy and Procedures . In addition a Subject Access Requests – Policy and Procedures document is available to assist data subjects with the process for accessing their personal data.
Privacy Statements
In order to maximise transparency and give effect to the right of data subjects to be informed, Carlow County Council has developed an overall Corporate Privacy Statement and specific Privacy Statements for each of its Departments/Business Units. The purpose of these Privacy Statements is to describe, in simple terms, the personal data that Carlow County Council collects from data subjects, why it needs the personal data, how it uses the personal data and how data subjects can interact with the County Council regarding their personal data.
Data Breaches
Carlow County Council has implemented a range of technical and organisational security measures in order to safeguard the personal data under its control. However, on rare occasions, a breach of data security may occur for reasons such as accidental disclosure, equipment failure, loss or theft. It is the policy of Carlow County Council to ensure that in the event of a personal data breach occurring that appropriate measures exist to facilitate:
- The identification of personal data breaches and their consequences;
- The notification of personal data breaches to the Data Protection Commission and data subjects;
- Limiting and / or remedying the impact of personal data breaches;
- Implementing controls to prevent a reoccurrence of the personal data breach.
The focus of such measures shall be on protecting the rights and interests of data subjects.
Carlow County Council has developed a Personal Data Breach Policy and Procedures to facilitate it to respond appropriately in the event of a personal data breach occurring.
Further Information
Further information and advice on Carlow County Council related data protection matters can be obtained from its Data Protection Officer. Contact details are as follows:
Phone: 0599170300
E-mail: [email protected]
Website: www.carlow.ie
Postal Address: Carlow County Council, County Buildings, Athy Road, Carlow
This webpage will also be updated and expanded with further information on a regular basis.
