Data Protection

Data Protection

The Irish Prison Service is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) as given further effect in Part 3 of the Data Protection Act 2018.

Under the General Data Protection Regulation (GDPR), personal data is defined as

“any information relating to an identified or identifiable natural person (data subject)”.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number (e.g. PPSN), location data or online identifier and covers all electronic, manual and image data which may be held on computer or on manual files.

The GDPR requires that personal data is:

  1. Processed in a way that is lawful, fair and transparent
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and is limited to what is necessary
  4. Accurate and kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
  6. Processed in a manner that ensures appropriate security of the data.

The Irish Prison Service operates as an executive agency of the Department of Justice and Equality. In this regard the Irish Prison Service is governed by the Department’s Data Protection Policy which sets out how we secure and manage personal data in accordance with the six GDPR principles noted above.

Department of Justice and Equality Data Protection Policy (English Language Version)  Beartas um Chosaint Sonraí (DJE)

The Data Protection Officer for the Irish Prison Service is Ms Davina Bracken.

Any data protection queries relating to personal data held by the Irish Prison Service should be directed to the Data Protection Office (DPO).  The DPO can be contacted by e-mail:


Irish Prison Service Data Protection Notice Covid 19 Vaccine

Accessing Your Personal Data – Subject Access Request

Among the rights conferred by the GDPR on ‘data subjects’ is the right to obtain a copy of their personal data which is being processed by the Irish Prison Service.  In order for the Service to identify and locate the personal data sought, please ensure that you provide, in so far as is possible, details of your interaction with our various prisons and/or Directorates, as well as any specific identifiers (e.g. any previous addresses, date of birth, reference number from previous contact with the Irish Prison Service etc.). In addition, as we need to verify the identity of anyone making a Subject Access Request, you will need to provide us with specific forms of identification.  Your Subject Access Request will be responded to within one month of the date of receipt or, where difficulty arises in the verification of your identity, within one month of identity verification.

To make a Subject Access Request please contact the Irish Prison Service DPO by email to or alternatively by post to:

Data Protection Office

Irish Prison Service

Ballinalee Road,


Co. Longford.

N39 A308