Data Protection

The Department of Justice is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) as given further effect in Part 3 of the Data Protection Act 2018.

Under the General Data Protection Regulation (GDPR), personal data is defined as

“any information relating to an identified or identifiable natural person (data subject)”.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number (e.g. PPSN), location data or online identifier and covers all electronic, manual and image data which may be held on computer or on manual files.


The GDPR requires that personal data is:

  1. Processed in a way that is lawful, fair and transparent
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  3. Adequate, relevant and is limited to what is necessary
  4. Accurate and kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and
  6. Processed in a manner that ensures appropriate security of the data.


The Department’s Data Protection Policy sets out how DJE secures and manages personal data in accordance with the six GDPR principles noted above. Department of Justice Data Protection Policy (English Language Version)

An Irish language version of the policy is available here: Beartas na Roinne Dlí agus Cirt um Chosaint Sonraí


The Data Protection Officer for the Department of Justice is Tara Storey.

Any data protection queries relating to personal data held by the Department of Justice should be directed to the Department’s Data Protection Support and Compliance Office (DPSCO).  The DSPCO can be contacted by e-mail to


Accessing Your Personal Data - Subject Access Request

Among the rights conferred by the GDPR on ‘data subjects’ is the right to obtain a copy of their personal data which is being processed by the Department of Justice.  In order for the Department to identify and locate the personal data sought, you should complete and return our Subject Access Request Form (SAR) ensuring that you provide, in so far as is possible, details of your interaction with our various Offices and Divisions, as well as any specific identifiers (e.g. any previous addresses, date of birth, reference number from previous contact with the Department etc.). In addition, as we need to verify the identity of anyone making a Subject Access Request, you will need to provide us with specific forms of identification (details contained in the SAR form).  Your Subject Access Request will be responded to within one month of the date of receipt or, where difficulty arises in the verification of your identity, within one month of identity verification.


To make a Subject Access Request please complete this form Department of Justice Subject Access Request Form and return it by email to or alternatively by post to:


Data Protection Support & Compliance Office

Department of Justice

51 St Stephen’s Green

Dublin 2.

D02 HK52