As a state agency, the Charities Regulator is bound by the Freedom of Information Act 2014 and the Data Protection Acts 1998 & 2003.
Freedom of Information
The Freedom of Information Act 2014 (the Act) provides the following statutory rights:
- the right to access records held by public bodies covered by the Act;
- the right to have personal information in a record amended, where such information is incomplete, incorrect or misleading;
- the right to obtain reasons for decisions taken by public bodies affecting the person.
These rights mean that from 21 April 1998, people can seek access to personal information held about them, no matter when the information was created, and to other records containing non-personal information created after 21 April 1998.
Section 8 of the Act requires the Charities Regulator to prepare and publish a scheme concerning the publication of information by our organisation. Our scheme has been prepared in accordance with the guidelines provided by the Department of Public Expenditure and Reform.
For access to information under the Freedom of Information Act, please e-mail email@example.com
What is Data Protection?
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data.
Data Protection Acts of 1988 and 2003 and the General Data Protection Regulation (GDPR)
The Data Protection Acts of 1988 and 2003 and the General Data Protection Regulation (GDPR) are designed to protect the privacy of the individual as regards the collection, processing, keeping, use and disclosure of personal data. They give rights to the individual relating to personal data, and impose obligations on data controllers.
Under the Acts, as a data controller, the Charities Regulator has the following obligations:
- Data must be obtained and processed fairly;
- Data must be accurate, complete and where necessary, kept up to date;
- Data must have been obtained for only one or more specified, explicit and legitimate purpose;
- Data must not be further processed in a manner incompatible with that purpose;
- Data must be adequate, relevant and not excessive in relation to the purpose for which they were collected or are further processed;
- Data must not be kept for longer than is necessary for that purpose;
- Appropriate security measures must be taken against unauthorised access to, or unauthorised alteration, disclosure or destruction of the data, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and;
- All personal data held by the Charities Regulator must be registered with the Data Protection Commissioner.
The Charities Regulator owes a duty of care to the data subjects concerned. It must take the utmost care not to cause harm or distress to any member of the public by, for example, maintaining inaccurate information on file or disclosing personal data.
The Charities Regulator takes its statutory obligations extremely seriously, and expects its staff to act in strict accordance with its obligations. Any breach of trust with regard to the confidentiality of information is treated as serious misconduct and may result in disciplinary action up to and including dismissal in accordance with the terms of the Disciplinary Code.
- Every person has the right to access personal data held on computer or in a manual filing system. A person can make a subject access request to any organisation or any individual who holds personal data about them (response to be given promptly but in any event no later than 40 days from receipt of the request).
- Every person has a right to be given a description of the data about them and the purposes for which it is kept (response to be given within 21 days of request).
- If the data held about an individual is inaccurate they have a right to have that data corrected or annotated. In some cases the person may request that the data is erased – for example, if the body keeping the data has no good reason to hold it or if the data has not been obtained fairly. A person can also request that the data be blocked i.e. to prevent it from being used for certain purposes.
- Any individual who suffers damage through the mishandling of personal data may be entitled to claim compensation through the courts of law.
- A data protection access request must be made in writing via the online query form here, or to:
Meiread Ashe - Data Protection Officer
3 George’s Dock
- Alternatively, please email DPA@charitiesregulator.ie
- A request should be as specific as possible, to quickly identify where the particular data is held. A response to an access request will issue as soon as is possible and within one month.
- Sections 4 & 5 of the Data Protection Acts set out a number of circumstances under which the right to access personal records can be limited.
The Data Protection Commissioner’s website offers a comprehensive outline and explanation of the rights and responsibilities extended under the Data Protection Acts (dataprotection.ie) Information is also available from:
Data Protection Commissioner’s Office
You can contact the Data Protection Commissioner’s Office by email (firstname.lastname@example.org) or by phone at 1890 252 231.