Data Protection

What is Data Protection?

Data protection is about ensuring that people’s personal data is collected, stored and processed safely. Data protection legislation has been put in place to ensure that individuals have privacy rights concerning their personal data. The HPRA, as a data controller, adheres to the principles of data protection, which apply whether the information is held on computer or in a manual form. 
These are:

  • Process information lawfully, fairly and transparently (‘lawfulness’).
  • Collect data only for specified, explicit and legitimate purposes. Further processing of data is carried out for purposes which are compatible with the original purpose the data was collected for (‘purpose limitation’).
  • Collect only data that are adequate, relevant and limited to what is necessary (‘data limitation’).
  • Ensure data are accurate and kept to up to date where necessary (‘accuracy’)
  • Retain data which permits identification of data subjects for no longer than is necessary (‘storage limitation’).

 

What is the difference between Data Protection and Freedom of Information?

The GDPR and the Data Protection Acts 1988 to 2018 provide similar rights of access as the Freedom of Information Acts, the main difference being that the GDPR and the Data Protection Acts 1988 to 2018 do not apply to the records of deceased persons. There are exemptions provided for in the legislation. This means that there are specific circumstances when the requested information will not be released. If any of these exemptions are used to withhold information, the reasons will be clearly explained to you.

You may use either the Freedom of Information Acts, the GDPR or the Data Protection Acts 1988 to 2018  to access personal information held by public bodies. However, the GDPR and the Data Protection Acts 1988 to 2018 apply to your own personal information only.

Please find our privacy and data protection notice here.