Privacy notice for authority and committee members and experts

The HPRA has created this data protection notice as the controller of your personal data to demonstrate our firm commitment to privacy and to inform you about the information we collect and process in connection with your involvement with the HPRA Authority and/or its committees, or your role as an external expert.

This notice sets out an explanation of what information about you we process, why we process your information, with whom your information is shared and a description of your rights with respect to your information.

What information do we process?

We process data such as

  • contact details e.g. name, address, phone numbers, email addresses
  • financial information such as your bank account number in order to reimburse expenses
  • details of your qualifications and work experience
  • accident reports in cases where an accident occurs on HPRA property
  • declaration of interests including details regarding household members


The legal basis for processing personal data for public interest/official authority is Article 6(1)(e) of the General Data Protection Regulation (GDPR), which states:

Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The legal basis for processing personal data for accident reports is Article 9(2)(b) of the General Data Protection Regulation (GDPR), which states:

Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject

How is your information shared?

Your contact information is not shared publicly.

Authority members’ information, names, profiles and a summary of declarations of interest are made available at  

Committee members’ names are made available here. 

How long do we keep your information?

Authority and Committee members and experts’ information will be retained indefinitely in order to maintain an audit trail demonstrating the integrity of regulatory decisions. Where relevant, accident reports are kept for ten years and then deleted.

What are your rights under data protection law?

You have the following rights under data protection law, although your ability to exercise these rights may be subject to certain conditions:

  • the right to request access to the personal data that we hold about you, together with other information about our processing of that personal data;
  • the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete;
  • the right, in certain circumstances, to request that we erase your personal data;
  • the right, in certain circumstances, to request that we no longer process your personal data for particular purposes, or object to our use of your personal data or the way in which we process it;
  • the right, in certain circumstances, to transfer your personal data to another organisation;
  • the right to lodge a complaint with the Data Protection Commissioner


Further information

If you have any queries in relation to this privacy notice, or if you have any concerns as to how your data is processed, please contact the data protection officer:

Data Protection Officer
Health Products Regulatory Authority
Kevin O’Malley House,
Earlsfort Centre,
Earlsfort Terrace,
Dublin 2
D02 XP77
Tel: +353 (1) 6764971
Fax: +353 (1) 6767836