Access to personal records

30th June 2016

If you give your personal details to a person or an organisation they have a responsibility to keep your personal details private and safe. This does not arise if you go to your local newsagents and buy the weekly newspaper. It does arise, however, if you have a loyalty tag for a larger supermarket, such as Supervalu, Dunnes or Tesco. In those circumstances, information has been gathered by the supermarket each time that your tag is swiped. This constitutes personal information and you have a right to access that information under the Data Protection Acts. You also have a right to have that information deleted or amended in certain cases.

Having access to your personal information in the possession of others is important. Since 1988 there is a formal procedure in place for this. The Data Protection Commissioner was established in 1988 to act as an adjudicator when people cannot access their own personal information and to police the handling of personal information. Those who hold personal information are called Data Controllers and they have extensive responsibilities.

Making an application to access personal information usually happens when people are dealing with their Banks, Building Societies, Hospitals or Health Care Providers. All organisations can be requested to provide personal information under the Data Protection Acts. However, it is important to note that you are only entitled to request your own personal information.

Any application can be made to any organisation that holds personal data.

The procedure is that a written request must be submitted together with a fee in the sum of €6.35. The Data Controller of that organisation has 40 days to reply. If they do not reply, then a formal complaint can be made to the Data Protection Commissioner.

There are a number of circumstances where personal information will not be made available to the person making the request.

There is a large responsibility on Data Controllers to correctly hold personal information and to abide by valid data protection requests.

For further details, please contact –