Data Protection

The General Data Protection Regulation (GDPR) replaces the old data protection laws in the European Union. The GDPR gives individuals greater control over their personal data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations. The GDPR also imposes obligations on organisations that collect personal data.

GDPR is based on the core principles of data protection. These principles require organisations and businesses to:

• collect no more data than is necessary from an individual for the purpose for which it will be used
• obtain personal data fairly from the individual by giving them notice of the collection and its specific purpose
• retain the data for no longer than is necessary for that specified purpose
• to keep data safe and secure
• provide an individual with a copy of his or her personal data if they request it

Under the GDPR individuals have the significantly strengthened rights to:

• obtain details about how their data is processed by an organisation or business
• obtain copies of personal data that an organisation holds on them
• have incorrect or incomplete data corrected
• have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
• obtain their data from an organisation and to have that data transmitted to another organisation (Data Portability)
• object to the processing of their data by an organisation in certain circumstances
• not to be subject to (with some exceptions) automated decision making, including profiling

Personal data is any information that can identify an individual person. This includes a name, an ID number, a postal address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

A data controller is a person, or group of people, who determines the purposes and means of processing of personal data. The Mater Hospital is a data controller.

The GDPR provides the following rights for individuals:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure/right to be forgotten
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling

The Data Protection Commissioner has a useful Guide to the Rights of Individuals under the General Data Protection Regulation (GDPR) available here.

Yes, you can see your information on request. Just contact us by email at dataprotection@mater.ie or phone 01 803 4311. Alternatively, you can fill out our Subject Access Request Form. We will need to confirm your identity before we release the information.

If you are unhappy with our response to your request, you can contact the Data Protection Commission:
Data Protection Commission
Canal House
Station Road
Portarlington
Co. Laois

Tel: 1890 252 231
Email: info@dataprotection.ie 
Website: www.dataprotection.ie

Information on how and why we process your personal data online is available in our web privacy notice. The Mater Hospital follows best practice in order to protect the confidentiality, integrity and availability of its information processing systems and services. If you need additional information about this you should contact the Data Protection Officer.

Yes, the Mater Hospital has a Data Protection Officer. Our Data Protection Officer monitors how we collect, use, share and protect information to ensure data subject rights are fulfilled. You can contact our Data Protection Officer at:

Address:
Data Protection Officer,
Mater Misericordiae University Hospital,
Eccles St, Dublin 7,
D07 R2WY

Email: dataprotection@mater.ie
Phone: +353 1 803 4035