The Irish Prison Service is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) as given further effect in Part 3 of the Data Protection Act 2018.
Under the General Data Protection Regulation (GDPR), personal data is defined as
“any information relating to an identified or identifiable natural person (data subject)”.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number (e.g. PPSN), location data or online identifier and covers all electronic, manual and image data which may be held on computer or on manual files.
The GDPR requires that personal data is:
- Processed in a way that is lawful, fair and transparent
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and is limited to what is necessary
- Accurate and kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- Processed in a manner that ensures appropriate security of the data.
The Irish Prison Service operates as an executive agency of the Department of Justice and Equality. In this regard the Irish Prison Service is governed by the Department’s Data Protection Policy which sets out how we secure and manage personal data in accordance with the six GDPR principles noted above.
The Data Protection Officer for the Irish Prison Service is Mr. Stephen Kelly.
Any data protection queries relating to personal data held by the Irish Prison Service should be directed to the Data Protection Office (DPO). The DPO can be contacted by phone on 043 3335349 or by e-mail to firstname.lastname@example.org
Accessing Your Personal Data – Subject Access Request
Among the rights conferred by the GDPR on ‘data subjects’ is the right to obtain a copy of their personal data which is being processed by the Irish Prison Service. In order for the Service to identify and locate the personal data sought, you should complete and return our Subject Access Request Form (SAR) ensuring that you provide, in so far as is possible, details of your interaction with our various prisons and/or Directorates, as well as any specific identifiers (e.g. any previous addresses, date of birth, reference number from previous contact with the Irish Prison Service etc.). In addition, as we need to verify the identity of anyone making a Subject Access Request, you will need to provide us with specific forms of identification (details contained in the SAR form). Your Subject Access Request will be responded to within one month of the date of receipt or, where difficulty arises in the verification of your identity, within one month of identity verification.
To make a Subject Access Request please contact the Irish Prison Service DPO by email to email@example.com or alternatively by post to:
Data Protection Office
Irish Prison Service