7/30/2019 Garda Data Protection Guidance

1/3

An Garda Siochana

Coirnisinir Carita

Forbartha Agrafochta agus

Pleanail Straitiseach

Ceanncheathru~ An Gharda Siochana

Pairc an Fhionnul~sce

Daile ha Cliath 8

Teileaf6n/Tel: (01) 666 1901

Facs/Fax: (01) 666 1905

Luaigh an uimhir thagartha seo a /eanas.'

PLease quote the following ref. number.-

Assistant Commissioner

Organisation Developm~ent

Strategic ~Planning

Garda Headquarters

Phoenix Park

Dublin 8

Lai~thre Grdan/Web Site:

www.garda.ie

Riomhphost:/Email:

Commissioner_ST@garda.ie

Treoir Ceanncheathn !

HQ Directive No: 95/2012

Gach Oifigeach, Cigire agus Staisiun - Each Officer, Inspector and Station

Is doicimid faoi iontaoibh seo le h-usaid ag pearsanra den Gharda Siochana amhain

This is a confidential document for use only by personnel of An Garda Sfocharla

RE: Data Protection in An Garda Siochana

Data Protection Acts 1988 & 2003

In accordance with HQ Directive 158/2007, the Garda Commissioner is the Data Controller

~forthe purposes of the Data Protection Acts 1988/2003 and has ultimate responsibility for the

compliance by every employee of An Garda Siocha with the Acts.

In this regard the Code of Practice for Data Protection has been issued to every staff

member of An Garda Siocha. The aim of the Code of Practice is to ensure each employee

has a clear understanding of his/her responsibilities regarding these Acts.

Definition of Data

The term `data` means information in a form that can be processed It includes both

automated or electronic data and manual data. Automated data means any information on a

computer or information recorded with the intention of putting it on a computer. Examples

of this are entries on the PULSE system or any other electronic database. Manual data means

information that is kept as part of a relevant ming system or with the intention that it should

form part of a relevant filing system. Examples of this are all traditional paper files such as

investigation files and reports and statements as well as personnel and financial records and

duty rosters prepared as part of normal operational duties.

Section 4 Data Protection Code of Practice (page 7)

DATA PROTECTION RULES EACH MEMBER OF AN GARDA SjOCIIANA MUST

ADHERE TO:

I. Obtain and process information fairly

2. Keep it only for one or more specified, explicit and lawful purposes

3. Use and disclose it only in ways compatible with these purposes

4. Keep it safe and secure

5. Keep it accurate, complete and up-to-date

6. Ensure that it is adequate, relevant and not excessive

7. Retain it for no longer than is necessary for the purpose or purposes

8. Give a copy of his/her personal data to the relevant individual, on request

Ag obair /e Pobai/ Chan !ad a chosaint agus Chan freastaX orthu I Working with Communities to Protect and Serve

7/30/2019 Garda Data Protection Guidance

2/3

Ownership of Data Protection and Data Protection Code of Practice

In accordance with HQ Directive 93/2011 and HQ Directive 36/2012. ownership of Data

Protection and the Data Protection Code of Practice transferred from Assistant Commissioner

Crime and Security to Assistant Commissioner Organisation Development and Strategic

Planning on 1 May 2012.

Data Protection Access Requests

Data Protection Access Requests made to An Garda Sfocha by individuals seeking accessto their persona! data are processed at the Data Protection Processing Unit which is located

within the Garda Central Vetting Unit. A statutory timeframe of 40 days exists for the

processing of such a request. Accordingly all Data Protection Access Requests received

from individual Data Subjects at any Garda Station or office of An Garda Sfochana will be

immediately forwarded for processing to:

Superintendent

Data Protection Processing Unit

An Garda Siochana

Racecourse Road

Thurles

Co. Tipperary

Data Protection Access Requests may, in some instances, be transmitted from the Data

Protection Processing Unit to divisions, districts and sections to establish the existence of

personal data. In such cases ALL information related to the person will be forwarded to the

Data Protection Processing Unit not later than I O days before the 40 day time limit where the

material will be assessed and a decision on disclosure will be made on a case by case basis.

District and Divisional Officers may make recommendations as to disclosure or non"

disclosure of material but a final decision will be made in all cases by Superintendent, Data

Protection Processing Unit.

Compliance with Data Protection Acts: PULSE Reason for EnquirySignificant concerns have been raised about PULSE usage and compliance with the Data

Protection Act 1988/2003 within An Garda Siochana. Areas of PULSE usage which are

causing concerns are searches on persons, vehicles and organisations where the Reason for

Enquiry box is not being completed or is only partially completed. This is not acceptable.

The Data Protection code of Practice states that accessing or disclosing personal data for

any purpose other than that for which it is obtained is prohibited , therefore it is essential

when enquiries are carried out on Items of interest i.e. Persons Vehicles Locations, full

informatl~on should be included in the reason' for enquiry field in accordance with the

instructions at Code 32.15(3) and HQ Directive 14/2001. There will be no exceptions to

this.

Audit of PULSE enquiries

Accessing information that is in possession of An Garda Siocharia for non-business purposes

is prohibited. In order to protect the reputation of An Garda Siocha in this regard,

individual enquiries conducted by Garda personnel on PULSE will be audited forthwith. The

audit will take the form of a district/station/individual audit of all person, vehicle and

organisation searches in report format. The Garda Professional Standards Unit are

responsible for the examination of the implementation of Data Protection Policy, Procedures

and Legislative requirements. The examinations will include random electronic audits of

District/Station/Individual records of all Person Vehicle and Location searched and any

irregularities identified will be reported to local management for necessary attention.

Random auditing will occur from 6 December 2012.

41gobair LePobail chun lad a chosa!nt agus Chan freastal orthu\ Works~ng with Communities to Protect and Serve

7/30/2019 Garda Data Protection Guidance

3/3

Inappropriate disclosure of information

Inappropriate release of any data in the possession of An Garda Sfochana to external agencies

or individuals is prohibited. Unauthorised release of Garda information to any source

external to An Garda Siocharla will be fully investigated and processed in accordance with

the Garda SiochSn~a (Discipline) Regulations 2007. The cn'rninal aspects of any

inappropriate disclosure of information will also be fully investigated.

Certification

Divisional Officers will certify in writing to Assistant Commissioner Organisation

Development and Strategic Planning that each employee has read and understood this

directive and the documents referenced within~

Bring to the notice of all concerned.

FOR STRICT COMPLIANCE

~ Assistant CommissionerA.J. Nolan

6 December 2012

Ag obas'r le Pobai/ Chan lad a chosaint agus Chanfreastal orthu / Working with Communities to Protect and Serve