General Data Protection Regulation (GDPR)An Garda Síochána becomes subject to the (EU) General Data Protection Regulation (GDPR) from the 25th May 2018 and the Police & Criminal Justice Authorities Directive (LED) from the 6th May 2018. The LED must be transposed into Irish domestic legislation as part of the new Data Protection Act, 2018, due to be published later this year.The GDPR and the LED increase the rights of individuals and place additional obligations on organisations. These obligations apply regardless of whether data is held electronically, on paper or by other means.The GDPR and the LED are underpinned by important principles relating to the processing of personal data. Personal data shall be:Processed lawfully, fairly and in a transparent manner in relation to the data subjectPersonal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposesPersonal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processedPersonal data shall be accurate and, where necessary, kept up to datePersonal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processedPersonal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measuresThe controller shall be responsible for, and be able to demonstrate compliance with the GDPR.In addition, both the GDPR and LED introduce new obligations which will require detailed consideration by all organisations involved in the processing of personal data.With that in mind, An Garda Síochána is working to ensure that the Garda organisation is fully compliant with the GDPR and the LED:Mr Barry Lavin was appointed as the Data Protection Officer (DPO) for An Garda Síochána on the 9th April 2018.A new Data Protection Unit has been established with support staff to assist the DPO in all matters pertaining to Data Protection.An Garda Síochána is developing a record of all processing activities. This process is at an advanced stage.All current and future projects within An Garda Síochána that involve “high-risk” processing of personal data will be subject to a Data Protection Impact Assessment. The concepts of ‘Privacy by Design & Default’ will be a key consideration in the initial design stages of all future projects.An Garda Síochána is ensuring that all current and future contracts with third party organisations who hold personal information are compliant with both the GDPR and the LED.Further information will be posted here on the progress of implementation.