Question

342. Deputy Fergus O'Dowd asked the Minister for Justice if her Department is fully compliant with GDPR EU requirements, the EU Network and Information Security Directive and standards with respect to her Department’s IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met; and if she will make a statement on the matter. [27343/21]

343. Deputy Fergus O'Dowd asked the Minister for Justice if any state or semi-state bodies which report to her Department are fully compliant with GDPR EU requirements and the EU Network and Information Security Directive and standards with respect to their IT infrastructure including Article 29 of GDPR which requires that data processors access only the data they need for their task; if ISO 27001 Annex 9 standards on privileged access are fully met; and if she will make a statement on the matter. [27362/21]

Answer

Minister for Justice (Deputy Heather Humphreys): I propose to take Questions Nos. 342 and 343 together.
My Department is fully compliant with EU requirements under the GDPR and the EU Network and Information Security and standards with respect to IT Infrastructure. The delivery of my Department’s ICT operations is supported by a managed service provider who is accredited to ISO 20000 standard. While my Department is not ISO 27001 certified, it operates a number of similar standards and specifically operates a Role Based Access Control policy and standard in relation to data access on the shared service which delivers ICT services to my Department and connected agencies. I am informed that the offices, agencies and bodies under my Department’s aegis that are not part of the shared service also operate within these guiding principles and meet the appropriate standards on privileged access.

Question No. 343 answered with Question No. 342.