Data Protection

Data Protection
All personal data processed by the Department of Tourism, Culture, Arts, Gaeltacht, Sport and Media will take place in accordance with the law on data protection and will only be for the purposes connected to the functions of this Department.

The Department is fully committed to keeping all personal data submitted by its customers, fully safe and secure during administrative processes. All necessary technical measures have been put in place to ensure the safety and security of the systems which hold this data.

Data Protection information will be updated on this page from time to time.


The Department fully respects your right to privacy. Any personal information which you provide to the Department will be treated with the highest standards of security and confidentiality, strictly in accordance with the Data Protection Acts 1988-2018. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union.  It came into force across the European Union on 25 May 2018.  It replaces the previous data protection directive which has been in force since 1995 and forms the basis of our new Data Protection Irish laws (Data Protection Acts 1988-2018).

Who is the Data Controller?

The Data Controller for the collection and processing of all personal data in the Department of Tourism, Culture, Arts, Gaeltacht, Sport and Media is the Department itself.

How do I contact the Data Protection Officer?

The Data Protection Officer can be contacted as follows:

Data Protection Officer
Department of Tourism, Culture, Arts, Gaeltacht, Sport and Media
23 Kildare Street
D02 TD30

Email: [email protected]

Data Protection Policy

The Department’s Data Protection Policy can be found at the following link:

What are my rights under Data Protection legislation?

When you, as a customer, provide personal data to the Department, you have certain rights available to you in relation to that data. However, it should be noted that not all rights listed shall be applicable in every circumstance. These rights are outlined below and can be exercised by contacting the Data Protection Officer, as detailed above, indicating which right(s) you wish to exercise:

  • Access to your personal data – for information on the right to access, including how to submit a Subject Access Request, please see the following link:
  • Rectification of your personal data;
  • Data portability;
  • Restriction of the processing of your personal data;
  • Objection to the processing of your personal data;
  • Withdrawing consent if previously given to the processing of your personal data;
  • Erasure of your personal data;
  • Right to lodge a complaint with the Supervisory Authority (Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28 –;

Are there any restrictions?

Yes – Section 61(1) allows for restrictions on the exercise of the rights of data subjects where processing is for archiving purposes in the public interest. The rights of a data subject set out in Articles 15 (right of access), 16 (right to rectification), 18 (right to restrictions of processing), 19 (right to notification of rectification, erasure or restriction of processing of personal data), 20 (right to data portability), and 21 (right to object) of the GDPR are restricted to the extent that the exercise of any of those rights would be likely to render impossible, or seriously impair, the achievement of those purposes, and such restriction is necessary for the fulfilment of those purposes.

Where processing is taking place at the same time for any other purpose, other than archiving purposes in the public interest, these restrictions will only apply to processing for archiving purposes in the public interest.

Where will my personal information be shared?

At all times, your personal data will only be shared where there is a valid legal basis to do so and in accordance with the appropriate Data Protection legislation.

Parliamentary Questions and Representations from Public Representatives

In replying to Parliamentary Question requests, all personal information is taken out of the reply which later goes to form the public record.

Information processed for this purpose will only be retained for as long as there is a business need to do so and thereafter will be marked for deletion and will be destroyed in line with internal guidelines or guidelines for destruction received from the National Archives of Ireland or associated permissions received from them.

Anonymising or pseudonymising personal data

Where possible, the Department may anonymise or pseudonymise (mask) personal data so that the personal data will only be available to those who have a clear business need to see it.

Technical information on data collected

Technical information on the cookies used on our Department’s website is available here.

Record of Processing Activities (ROPA)

The General Data Protection Regulations (GDPR) came into force in May 2018, in which Article 30 included a requirement for all public bodies to produce a Record of Processing Activities, or a ROPA.

This document is an inclusive and non-exhaustive list of the processes undertaken by sections within the Department that utilise personal data; by nature it takes the form of a living document, which will be updated regularly with changes and amendments. If you have any queries regarding specific processes which utilise personal data that are not covered by this document, please contact the Data Protection Officer, as detailed above.