What is Data Protection?
Data protection is about ensuring that people’s personal data is collected, stored and processed safely. Data protection legislation has been put in place to ensure that individuals have privacy rights concerning their personal data. The Pharmaceutical Society of Ireland (PSI), as a Data Controller, must adhere to the eight rules of Data Protection, which apply whether the information is held on computer or in a manual form. These are:
- Obtain and process information fairly
- Keep it only for one or more specified, explicit and lawful purposes
- Use and disclose it only in ways compatible with these purposes
- Keep it safe and secure
- Keep it accurate, complete and up-to-date
- Ensure that it is adequate, relevant and not excessive
- Retain it for no longer than is necessary for the purpose
- Give a copy of his/her personal data to that individual on request.
What is the difference between Data Protection and Freedom of Information?
The Data Protection Acts 1988 and 2003 provide similar rights of access as the Freedom of Information Acts, the main difference being that the Data Protection Acts do not apply to records of deceased persons. As with the Freedom of Information Acts, these rights extend to your own personal records.
There are exemptions provided for in the Acts. This means that there are specific circumstances when the requested information will not be released. If any of these exemptions are used to withhold information, the reasons will be clearly explained to you.
When to use the Data Protection Acts?
You may use either the Freedom of Information Acts or the Data Protection Acts to access personal information held by public bodies. However, the Data Protection Acts apply only to your own personal information and requires an application fee. To make an access request for your personal information under the Data Protection Acts 1988 and 2003, please complete the Personal Data Access Request Form and submit to:
Dr. Cheryl Stokes
Data Protection Officer
PSI –The Pharmacy Regulator
15-19 Fenian Street
Dublin 2, D02 TD72
or E-mail: firstname.lastname@example.org.
Please ensure that you describe the records you seek in the greatest detail possible to enable us to identify the relevant records.
An individual can get a copy of his/her data by making a request either under Section 3 or Section 4 of the Data Protection Acts. Under Section 3, an individual has the right to be informed as to whether the PSI holds information about him/her and to be given a description of the data together with details of the purposes for which their data is being kept. Any individual requesting his/her details must do so in writing and the PSI must comply with this request within 21 days. Under Section 4, individuals are entitled to a copy of their personal data upon request. Requests must be responded to within 40 days. The fee of €6.35 is applicable to requests made under Section 4 and may be payable by cheque.
Your entitlements under the Data Protection Acts
When you make a request to access your personal data as outlined in the previous section, a decision will, in normal circumstances, issue within 21 or 40 days of receipt of your request, depending on whether you are making your request under Section 3 or Section 4 of the Data Protection Acts. Details of your entitlement to complain to the Data Protection Commissioner will be included in the decision letter.
You are also entitled to rectify or delete the personal information the PSI hold about you. In order to erase/change your personal information, please complete the Personal Data Rectification/ Deletion Request Form and send to the Data Protection Officer in the PSI (contact details outlined above).
What types of information does the PSI hold?
The types of personal information held by the PSI, the use it makes of such personal information, and possible organisations it may disclose this information to is found on the on the Data Protection Commissioner's website. This list is updated on an annual basis as part of the PSI’s registration with the Data Protection Commissioner.
The PSI operates a Closed Circuit Television system in its premises which captures and stores personal information. This information will be used only for the purposes outlined in our CCTV Policy.