You are here: Home > Services > Your Council >Data Protection

Data Protection

Data Protection Policy

What is Data Protection?

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of their personal data.  People supply information about themselves to government bodies, banks, insurance companies, medical professionals and many others in order to avail of services or satisfy obligations.  For the purpose of data protection, organisations or individuals who control the contents and use of personal data are known as data controllers (e.g. North Tipperary County Council).  The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons processing personal data.  These rights apply where the information is held:

The principal function of North Tipperary County Council is to provide a wide range of services to the people of North Tipperary under the following main headings:

In performing its functions, North Tipperary County Council is required to process significant amounts of Personal Data within the remit of the Data Protection Acts 1988 and 2003.  We respect the privacy of those whose personal data we process and are aware of our obligations under the Data Protection Acts.  Personal Data is defined as data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.

Responsibilities of North Tipperary County Council as a Data Controller:

North Tipperary County Council is registered as a Data Controller with the Office of the Data Protection Commissioner (Registration Number 0196/A).  Particulars of our registration are available online at  Under the Rules of the Data Protection Acts North Tipperary County Council must:

1. Obtain and process data fairly.

2. Keep data only for one or more specified, explicit and lawful purposes.

3. Use and disclose data only in ways compatible with these purposes.

4. Keep data safe and secure.

5. Keep data accurate, complete and up-to-date.

6. Ensure that data is adequate, relevant and not excessive.

7. Retain data for no longer than is necessary for the purpose or purposes.

8. Give a copy of his/her personal data to that individual, on request.

Individuals who wish to obtain a copy of personal data in accordance with the Data Protection Acts 1988 and 2003 should apply in writing to the Data Controller Compliance Officer of North Tipperary County Council.

On making an access request any individual, about whom personal data is kept is entitled to:

Amalgamation with South Tipperary County Council:

In the preparation for the merger of North and South Tipperary County Councils in June 2014 information may be disclosed to South Tipperary County Council in relation to all our services and functions.  This disclosure may include personal data which it is necessary to share for the purposes of the amalgamation. 

How to apply for a copy of personal data held by North Tipperary County Council:


Every individual about whom a data controller keeps personal information has a number of other rights under the Act, in addition to the Right of Access.  These include the right to have any inaccurate information rectified or erased, to have personal data taken off a direct marketing or direct mailing list and the right to complain to the Data Protection Commissioner.

In response to an access request the Council will:


Data Protection Breach:

A data security breach can happen for a number of reasons which include:


In order to manage data protection breaches the following steps must be followed:

  1. Any breach of data protection should be reported immediately to staff member’s line manager.
  2. The Line Manager must then in turn report it in writing to the Data Controller Compliance Officer.   
  3. Details of a breach should be reported accurately, including date and time the incident occurred, when it was detected, who reported the incident, details of any ICT system involved.
  4. The Data Controller Compliance Officer will notify the Data Protection Commissioner where relevant.
  5. Arrangements must be put in place by each section to notify the person(s) involved whose personal data has been breached.
  6. Following the Data Protection breach, the Data Controller Compliance Officer will investigate how the breach occurred, the implications of the breach and the measures required to prevent reoccurrence. 

The current Data Controller Compliance Officer is Rosemary Joyce, Senior Executive Officer, Corporate Support.  She can be contacted on 067 44563 or by email on

The attention of all staff will be drawn to this policy through:

  1. Publication on the Intranet.
  2. Circulation to all Section Heads.