Data Protection

RCC_New_logo

Introduction

Data protection aims to regulate the collection, processing, keeping, disposal and disclosure of personal data. The current legislative framework governing this area is contained in the General Data Protection Regulation (GDPR) which came into effect in every member state across the European Union on 25th May 2018 and the Data Protection Act 2018 which gives further effect to this Regulation. This legislative framework defines personal data as any information relating to an identified or identifiable natural person. It applies to personal data held in physical and electronic format by private and public organisations. It imposes responsibilities on those who control personal data (controllers) and those who process personal data (processors). It also confers rights on individuals in relation to their own personal data (data subjects).

GDPR Principles

The following principles underpin all of Roscommon County Council’s data protection processes, practices and procedures:

  • Lawfulness, Fairness and Transparency: Roscommon County Council will ensure that the personal data it collects from data subjects is obtained lawfully, fairly and in a transparent manner.
  • Purpose Limitation: It will clearly communicate to data subjects the purposes for obtaining their personal data and take measures to ensure that the processing of their personal data is limited to the purposes for which it was obtained.
  • Data Minimisation: It will put in place measures to ensure that the personal data held by it is proportionate for the specified purpose that it was obtained.
  • Accuracy: It will implement measures to ensure that errors in personal data are identified, reported and corrected in as timely a manner as possible.
  • Storage Limitation: It will retain personal data for no longer than is necessary.
  • Integrity & Confidentiality. It will maintain the highest standards of technical and organisational security measures to protect personal data.
  • Accountability: It will actively monitor and govern the management of all personal data that it controls.

Further details on how Roscommon County Council will give effect to these principles are contained in its Corporate Data Protection Policy.

Data Subject Rights

Data subjects have the following rights:

  • The right to be informed;
  • The right of access;
  • Right to the rectification of inaccurate or incomplete personal data;
  • The right to erasure (also known as the ‘right to be forgotten’) of personal data;
  • The right to portability;
  • The right to object to the processing of personal data;
  • The right of restriction to the processing of personal data;
  • Rights in relation to automated decision making, including profiling.

Further details on these rights and how data subjects may exercise their rights are contained in Roscommon County Council’s Data Subject Rights – Policy and Procedures . In addition a Subject Access Requests – Policy and Procedures document is available to assist data subjects with the process for accessing their personal data.

Privacy Statements

In order to maximise transparency and give effect to the right of data subjects to be informed Roscommon County Council has developed a Corporate Privacy Statement. The purpose of this corporate statement is to describe, in simple terms, the personal data that Roscommon County Council collects from data subjects, why it needs the personal data, how it uses the personal data and how data subjects can interact with the County Council regarding their personal data.

More detailed privacy notices that are specific to each of its services will be developed by Roscommon County Council.

Data Breaches

Roscommon County Council has implemented a range of technical and organisational security measures in order to safeguard the personal data under its control. However, on rare occasions, a breach of data security may occur for reasons such as accidental disclosure, equipment failure, loss or theft. It is the policy of Roscommon County Council to ensure that in the event of a personal data breach occurring that appropriate measures exist to facilitate:

  • The identification of personal data breaches and their consequences;
  • The notification of personal data breaches to the Data Protection Commission and data subjects;
  • Limiting and / or remedying the impact of personal data breaches;
  • Implementing controls to prevent a reoccurrence of the personal data breach. 

The focus of such measures shall be on protecting the rights and interests of data subjects. 

Roscommon County Council has developed a Personal Data Breach Policy and Procedures  to facilitate it to respond appropriately in the event of a personal data breach occurring.  

Further Information

Further information and advice on Roscommon County Council related data protection matters can be obtained from its Data Protection Officer. Contact details are as follows: 

Phone: 090 6637100

E-mail: dataprotection@roscommoncoco.ie

Website: www.roscommoncoco.ie

Postal Address: Roscommon County Council, Áras an Chontae, Roscommon, F47 VR98.  

This webpage will also be updated and expanded with further information on a regular basis.