Data Protection

What is Data Protection?

Data protection is about ensuring that a person’s personal data is lawfully collected, or with their consent, stored and processed safely, and retained only for as long as is necessary to achieve the purpose for which it has been collected. Data protection legislation has been put in place to ensure that a person’s rights are upheld with regard to the collection and use of their personal data.

The PSI, the pharmacy regulator, is a data controller in relation to the personal information that we hold about registrants, patients, our employees and other parties. We use personal information to enable us to meet our responsibilities in the public interest as the regulatory body for pharmacists and pharmacies in Ireland. All personal information provided to the PSI is treated in the strictest of confidence, maintained securely and treated in accordance with the Data Protection Acts 1988 to 2018, the General Data Protection Regulation (GDPR), and the Pharmacy Act 2007.

Our Data Protection Statement provides details about how the PSI adheres to Data Protection legislation and the GDPR in regard to personal and sensitive personal information.

We have appointed a Data Protection Officer (DPO) who can be contacted by email at or by post to the Data Protection Officer, PSI House, 15-19 Fenian St, Dublin 2, D02 TD72, or by phone on (0)1 2184000.

What is the difference between Data Protection and Freedom of Information?

Data Protection legislation provides similar rights of access as the Freedom of Information Act, the main difference being that the data protection legislation, and GDPR, does not apply to records of deceased persons.

There are exemptions provided for in legislation. This means that there are specific circumstances when the requested information will not be released. If any of these exemptions are used to withhold information, the reasons will be clearly explained to you.

Access to Personal Data

GDPR has enhanced an individual’s right to access information held about them by a data controller (the PSI), to understand how their data is being used, and to seek to correct or erase the data held. The PSI’s Data Protection Statement provides a lot of information about how we treat personal data held by us.

You may use either Freedom of Information legislation or Data Protection legislation to access personal information held by public bodies, but access under the Data Protection legislation applies only to your own personal information. To make a request to the PSI under Data Protection legislation, please complete a Subject Access Request Form.

Data Protection Officer
PSI –The Pharmacy Regulator, PSI House, 15-19 Fenian Street, Dublin 2, D02 TD72 Ireland.
or e-mail:

Please ensure that you describe the records you seek in detail so that we can identify the relevant records. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). There is no cost for making a request. Requests must be responded to within one month.

Further Information

Our Data Protection Statement gives further details about your data rights, the types of information the PSI holds, our retention policy, and how we work in compliance with the relevant Data Protection legislation and the GDPR.

Additional information is also available from the Data Protection Commission, which is responsible for upholding the rights of individuals under Data Protection legislation.

While the PSI previously made available Guidance on Data Protection for Pharmacists, that guidance is no longer relevant under the GDPR and Data Protection legislation, and has been removed from our website. The website of the Data Protection Commission and GDPRandYou should be consulted in regard to the enhanced responsibilities of organisations/businesses in relation to personal data held by them. The PSI cannot give advice to others on data protection.

The PSI operates a Closed Circuit Television (CCTV) system in its premises which captures and stores personal information. This information will be used only for the purposes outlined in our CCTV Policy.

Related information is available about our commitment to privacy on this website and our Cookies Policy under Terms of Use.