The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and replaced previous data protection laws in the European Union.
The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data (for example, location data collected by a mobile phone) or a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
The GDPR is based on the core principles of data protection which existed under previous law. These principles require organisations and businesses to:
- collect no more data than is necessary from an individual for the purpose for which it will be used
- obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
- retain the data for no longer than is necessary for that specified purpose
- keep data safe and secure
- provide an individual with a copy of his or her personal data if they request it
User Volunteered Information
The AEC does not collect any personal information on this Web site without your permission. All information volunteered within online forms is treated as confidential in accordance with applicable Irish data protection legislation and with the General Data Protection Regulation 2016. Personal information requested by online forms shall be used for the purpose set out on the online form.
Automatically Obtained Information
Cookies are small text files placed on your browsing device and more information about cookies and how to manage or disable them can be found here: www.aboutcookies.org.
Cookies may be used to collect non-personal information about how visitors use our website.
If a cookie does not contain an expiration date it is referred to as a temporary session cookie. Temporary session cookies are stored in memory and never written to disk, when the brower closes the cookie is permanently lost from this point on. Temporary session cookies may be used in some areas to enable specific functionality.
If the cookie contains an expiration date, it is considered a persistent cookie. On the date specified in the expiration, the cookie will be removed from the disk. Persistent cookies may be used to remember your display preferences (e.g. preferred text size) the next time you visit. These cookies exist on your computer for 30 days after you have visited but they contain no private or sensitive data.
Some cookies present on our site are not related to the AEC such as those that may be present on pages with embedded content from Facebook, Twitter and Instagram for example. The AEC does not have any control or influence on the operation of these third party cookies. You should check the websites concerned for more information in relation to their cookie policies.
The AEC does not use malware, spyware, or adware in any form or fashion.
If you wish to obtain details about personal data that this department may be processing relating to you then please download the Subject Access Request form by clicking on the link below.
Please return the completed form, either by post to:
Data Protection Officer,
Department of Rural and Community Development,
10-11 Leinster Street South
Or by email to: firstname.lastname@example.org
What information can I obtain with a GDPR request?
Under the GDPR individuals have the significantly strengthened rights to:
- obtain details about how their data is processed by an organisation or business
- obtain copies of personal data that an organisation holds on them
- have incorrect or incomplete data corrected. If you think that your personal data is not accurate or relevant you can contact us either in writing or by email. You should set out clearly the personal data involved and the reasons why you consider it to be inaccurate and or irrelevant.
- have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
- obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
- object to the processing of their data by an organisation in certain circumstances
- not to be subject to (with some exceptions) automated decision making, including profiling
When will I receive a reply?
You will receive an acknowledgement letter from us once we have verified that your Subject Access Request form is fully completed and when we have also verified your identity based on the documentation you provide. We will reply to requests within a calendar month but we do reserve the right to extend that deadline by up to two months if the request is complex or if we are processing numerous requests at that time. In such cases we will notify you of the requirement to extend the deadline within a month of receiving the request and we will provide a reason for the delay.
How much does it cost to make a GDPR request?
If the Subject Access Request is either unfounded, excessive or repetitive the Department will charge for dealing with the request by levying a fee to take into account the administrative costs of providing the information. In all other cases the service is free of charge.
Data Protection Policy
The Department’s Data Protection Policy can be downloaded by clicking on the below link:
Where can I find more information regarding Data Protection?
More comprehensive information on GDPR can be found on the Data Protection Commissioner’s website: www.dataprotection.ie