Data Protection
Fiosrú, Office of the Police Ombudsman is committed to protecting the rights and privacy of all individuals. As a Data Controller, Fiosrú is subject to the EU General Data Protection Regulation (GDPR), the EU Law Enforcement Directive (LED) and the Data Protection Act, 2018 (“Data Protection Legislation”).
Data Protection legislation grants rights to you as an individual and imposes obligations on Fiosrú when processing personal data.
A Data controller means that Fiosrú determines the purpose of the personal data it obtains and how it will be processed.
Legal Basis for processing personal data
In order to perform our statutory functions, Fiosrú is required to process significant amounts of personal data. The Policing, Security and Community Safety Act, 2024 is the legislation which governs Fiosrú’s statutory functions and the legal basis for processing personal data.
Fiosrú’s statutory functions, include:
- To deal with complaints concerning Garda conduct;
- To conduct independent investigations following a referral from An Garda Síochána;
- To investigate matters in relation to the conduct of Gardaí in the public interest.;
- To report the results of those investigations to the Office of the Director of Public Prosecutions or the Garda Commissioner.
Personal data processed by Fiosrú
In order to perform our statutory functions, Fiosrú processes personal data about individual members of the public and individual garda members. Fiosrú processes the following types of information:
- Name
- Address
- Email address
- Date of Birth
- Gender
- Garda rank
- Garda registration number
- Name of next of kin
- Phone numbers
Fiosrú may also collect personal data of a sensitive nature or special category data as defined under data protection legislation, which includes:
- racial or ethnic origin, through our questionnaires.
- genetic and biometric data for the purpose of uniquely identifying a natural person, which may be collected for the purposes of a criminal investigation.
- data concerning health, including medical records or injury photographs, which may be collected for the purposes of investigating a complaint.
Personal data is normally obtained directly from you. In certain circumstances, it will, however, be necessary to obtain data from third parties such as An Garda Síochána, independent witnesses, medical professionals or CCTV footage.
Rules for processing personal data
Data Protection Legislation requires Fiosrú to process personal data in accordance with the following principles:
- Processed in a way that is lawful, fair and transparent;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and is limited to what is necessary;
- Accurate and kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
- Processed in a manner that ensures appropriate security of the data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the use of appropriate technical organisational measures.
Who does Fiosrú share personal data with?
Fiosrú will only disclose personal data to a third party when it is necessary for the performance of Fiosrú’s functions or is otherwise authorised or mandated by law.
Examples:
Fiosrú will share personal data with An Garda Síochána to enable us to effectively investigate complaints. Personal data in relation to Fiosrú staff members may be shared with other government departments including, the National Shared Services Office.
Fiosrú’s Data Protection Policy sets out how we obtain and process personal data. This policy is available here.
Data Protection Rights
You have the following rights under the Data Protection Legislation, although your ability to exercise these rights may be subject to certain conditions:
- The right to receive a copy of and/or access the personal data that we hold about you together with other information about our processing of that personal data;
- The right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete:
- The right, in certain circumstances, to request that we erase your personal data;
- The right, in certain circumstances, to request that we no longer process your personal data the way in which we process it;
- The right, in certain circumstances, to transfer your personal data to another organisation;
- The right to object to automated decision making and/or profiling; and
- The right to complain to the Data Protection Commissioner.
Data Protection Commission
If you wish to know more about your data protection rights please visit the Data Protection Commission (DPC) website here or at www.dataprotection.ie
Further Information
If you have any queries in relation to how your personal data is processed, please contact our Data Protection Officer, Ms Pauline Byrne at the details below.
Email: data.protection@fiosru.ie
Phone: 0818 600 800