Data Protection Statement
1. Who are we?
Dun Laoghaire-Rathdown County Council (the Council) is a democratically elected unit of Local Government within County Dublin and is responsible for providing a range of services to meet the economic, social and cultural needs of our citizens and communities in partnership with our stakeholders.
In order to provide the most effective and targeted services to meet the needs of the citizens, communities and businesses we will be required to collect, process and use certain types of information about people and organisations. Depending on the service being offered, information sought may include ‘personal data’ as defined by the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988 to 2018 and may relate to current, past and future service users; past; current and prospective employees; suppliers; and members of the public who may engage in communications with our staff.
In this context the Council is a data controller under the GDPR and Data Protection Acts and is obliged to comply with a range of requirements under these legislations. “Data controllers” are organisations who determine the purposes for which, and the manner in which, any personal data is processed, who make independent decisions in relation to the personal data and/or who otherwise control that personal data. Where the Council is providing services involving the collection of personal data for another agency or Government Department it may act as a data processor or joint controller.
Data in this policy document means both personal data and special category personal data. Given the range of services and activities conducted by the Council full details of personal data for each process cannot be specified in this statement, however the personal data that you may typically be asked to supply can be categorised as follows;
In addition, staff may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest.
In compliance with the GDPR the Council maintains records of processing regarding personal data received and collected for its functions.
2. What is the purpose of this Data Protection Statement?
The Council is committed to meeting all relevant data protection, privacy and security requirements, whether originating from legal, regulatory or contractual obligations and is committed to protecting the rights and privacy of individuals in accordance with current data protection legislation. This statement should be read in conjunction with the GDPR and the Data Protection Acts.
This statement has been created to demonstrate the Council’s commitment that the personal data you may be required to supply is in order to access services, will be processed in accordance with data protection principles, which state that personal data will be;
3. High level statement implementation of GDPR Principles
The following is intended to provide a summary of activities of the Council to ensure that its management of personal data adheres with the principles of GDPR. These principles require that personal data shall be:
The Council is developing a transparency programme to endeavour to ensure that at the earliest practical point in the collecting or processing of personal data that the individual is provided with written details, or made aware of how to access, a written statement of their privacy rights. We currently have a Privacy Statement that is available here https://www.dlrcoco.ie/sites/default/files/atoms/files/privacy_statement.pdf
The Council processes personal data using a lawful basis as set out in Article 6 of the GDPR.
The Council endeavours to ensure that personal data sought is minimal and aligned to the purpose or activity for which it is required.
It should however be noted that staff may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest. This may extend to sharing or disclosure of personal data to other bodies to comply with our statutory obligations.
The Council will provide reasonable opportunities for individuals to ensure personal data that is inaccurate can be deleted or corrected as required.
In practical terms this can often relate to changes in customers addresses and contact details. If you find that personal data we have about you is inaccurate or needs to be updated (for instance, you may have changed your name, address, contact details etc.) then please contact the Data Protection Co-ordinator (details at paragraph 6 below) so that we can correct it.
The National Retention Policy for Local Authority Records is under review. The revised Policy will provide information on the criteria for determining retention, archival and deletion or end dates for Council records in all the functions it operates.
The Council, taking into account the nature, scope, purposes and related risks of processing, employ appropriate physical, technical and organisational measures to secure personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. We also maintain data security by protecting the confidentiality, integrity and availability of the personal data, defined as follows:
In addition, the Council provides support, assistance, advice and data protection awareness training, which includes physical and IT security training for staff to ensure compliance with the legislation, and to ensure a secure environment for your personal data.
4. Compliance with GDPR and with the Data Protection Acts
The Council has designated a Data Protection Officer in accordance with requirements of the GDPR. Contact details are provided at the end of this document. The Data Protection Officer’s role is:
5. Disclosure to third parties
It should be noted that staff of the Council may be required, from time to time, to collect process and use certain types of personal data to comply with regulatory or legislative requirements or to carry out functions in the public interest. This may extend to sharing or disclosure of personal data to other bodies to comply with our statutory obligations.
Typically, disclosure requests will involve requests from law enforcement/investigation agencies for purposes involving preventing, detecting or investigating offences, apprehending or prosecuting offenders or assessing or collecting any tax, duty or other monies owed or payable to the State, a local authority and/or to prevent injury or other damage to the health of a person or serious loss of or damage to property.
There are certain other limited circumstances where disclosures may be made.
Council officials who perform statutory duties involving preventing, detecting or investigating offences, apprehending or prosecuting offenders or assessing or collecting any tax, duty or other monies owed or payable to the Council, may also access personal data where relevant to the performance of such duties. Access of this nature is confined to those staff performing such functions.
6. The Rights of the Data Subject
Individuals have the right to apply to:
There are restrictions to these rights. The Council will examine each request to ensure that requests that can be granted are granted and where we are obliged to apply a restriction to a request, under the Acts, that we do so. On this basis general guidance on likely outcomes cannot be provided and requests from individuals seeking to exercise their rights will be assessed on a case-by-case basis against the various criteria to determine applicability. Full details of data subject rights and restrictions are outlined in Chapter 3 of the GDPR.
Please note that in respect of Data Subject Access Requests and other rights of the data subject as outlined in paragraph 6 please contact the Data Protection Co-Ordinator at:
Postal Address Corporate, Communications and Governance Department
Dun Laoghaire-Rathdown County Council,
Co Dublin. A96 K6C9.
Phone +353 1 205 4360
In relation to data subject access requests, we take steps to verify your identity before granting access to personal data. When making a data subject access request you will be asked to provide proof of your identity.
Data Protection Officer – Dun Laoghaire-Rathdown County Council
Our Data Protection Officer (DPO) advises and guides the staff of the Council in how they collect, use, share and protect your information to ensure your rights are fulfilled in compliance with the GDPR and Data Protection Acts. The DPO also acts as the contact point for individuals with concerns about the processing of their personal data and is also the liaison between the Council and the Office of the Data Protection Commissioner.
If you have any complaint about the processing of your personal data by the Council you may contact the Data Protection Officer at firstname.lastname@example.org. Please note that all requests for the access of your personal data should be made to the Data Protection Co-ordinator whose details are set out above.
Right of Complaint to the Data Protection Commissioner
If you are not satisfied with the outcome of the response received from the Council or the Council’s DPO you are entitled to make a complaint to the Data Protection Commissioner who may investigate the matter for you. The Data Protection Commissioner’s website is www.dataprotection.ie or you can contact their Office at:
Postal Address Data Protection Commission,
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Phone +353 578 648 800 or +353 761 104 800
7. Statement on management of CCTV
The Council is developing a policy on the use of CCTV and details of this policy will be provided on the Council’s web site shortly.
8. Security and Confidentiality
We protect your information with procedural, physical and technological measures and controls to ensure (in so far as it is possible) a safe and secure location for your personal data. The Council is committed to securing personal data through a range of measures aimed at minimising risks of the following outcomes relating to personal data.
In determining security measures, the Council first have regard to risks related to:
Based on this assessment we then proceed to identify suitable organisational or technological options to address security, while having regard to the related cost of employing solutions.
9. Governance, Monitoring and Review
The Council has regard to the significant requirements under the GDPR and the Data Protection Acts and on this basis operates a governance structure to underpin compliance with its varied obligations.
Dun Laoghaire-Rathdown County Council will review this statement and supporting policies and actions periodically in light of its operation and in terms of new legislative or other relevant factors such as publication of guidance from the Office of the Data Protection Commissioner.
All requests for personal details must be made in writing, either by post or email. The Council shall respond to your request within one month. You may be asked for evidence of your identity. This is to make sure that personal information is not given to the wrong person. Please address your request to:
Data Protection Co-Ordinator
Dún Laoghaire-Rathdown County Council
Phone: +353 01 2054827
In your request, you should give any details that will help the Council to identify you and find your data e.g. any previous address and/or date of birth. Also, be clear about which details you are looking for if you are only looking for certain information.
You will receive these details within one month of your request however if the request is complex, and the Council is of the opinion that it requires additional time to consider the request, it may once only extend the time, by notice in writing to you, by a further period not exceeding two months.
In general No.
However section 93(4) of the Data Protection Act 2018 provides if a request is manifestly unfounded or excessive in nature, a reasonable charge may be imposed having regard to the administrative cost of complying with the request.
If you feel the Council is not respecting your data protection rights, you should contact the organisation's Data Protection Officer.
Data Protection Officer
Dún Laoghaire-Rathdown County Council
Phone: +353 01 2054827
If you are then not satisfied with our response, you may contact the Office of the Data Protection Commissioner – details as follows:
The Office of the Data Protection Commissioner
LoCall: 1890 252 231 Tel: +353 0761 104 800 Fax: +353 57 868 4757