The EU General Data Protection Regulation 2016/69 (GDPR) was introduced on 25 May 2018. It was transposed into Irish law by the enactment of the Data Protection Act 2018.
This European and national legislation regulates the processing of personal data of a living person (known as a ‘data subject’). Essentially, it is designed to strengthen the protection of the rights and freedoms of data subjects.
The Mental Health Commission is fully committed to the protection of the rights and freedoms of individuals whose personal data it holds. For further information on how the MHC collects, stores and uses personal information relating to data subjects, please see the MHC’s Data Protection Statement.
The Mental Health Commission is a Data Controller for all personal data collected for the purpose of its activities.
Contact details of the Data Protection Officer (DPO)
Should you have questions about how the MHC uses your information or you are concerned about any issue related to your personal data, you may contact the DPO. The contact details are as follows:
Data Protection Officer, Mental Health Commission, Waterloo Exchange, Waterloo Road, Dublin 4, DO4 E3W7
Your data protection rights
Under data protection legislation, data subjects have designated rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data that is processed by the MHC. The data subject’s rights are:
- The right to be informed about the processing of your personal data
- The right to access your personal data
- The right to rectification of your personal data
- The right to erasure of your personal data
- The right to data portability
- The right to object to processing of your personal data
- The right to restrict processing of your personal data
- Rights in relation to automated decision making, including profiling
- How can I access my personal data (Data Subject Access Request)?
To make a request, please write to the Data Protection Officer, Mental Health Commission, Waterloo Exchange, Waterloo Road, Dublin 4, DO4 E3W7 or email DPFOI@mhcirl.ie. In your correspondence, you should:
- state that you are making your request under the GDPR and Data Protection Act 2018
- provide as much information as possible about the records you require
- specify how you would like to receive the records – that is, would you like to receive the records by post or by email?
- Alternatively, you may use the Data Subject Access Request Form.
Please note: Before you are given access to personal information relating to yourself, you will be asked to provide proof of identity. These are as follows;
- a copy of your identification bearing your full name and photograph (for example, passport, driver’s licence, etc.)
- proof of address to which the materials will be sent (for example, the top of a utility bill bearing both your name and address) – this must be less than 6 months old
This is requested to ensure that information is released to the appropriate person and postal/email address.
Third party authorisation
When making a Data Subject Access Request, you may request that your records be sent to a third party who you appoint (e.g. a solicitor, health professional, family member, etc.). If you choose to do so, you must complete this form and attach it to your letter, email or Data Subject Access Request form.
Further guidance on data protection
The Data Protection Commission (DPC) is the supervisory body for the GDPR in Ireland. Its website provides general information on the GDPR and other relevant information on the protection of the rights and freedoms of individuals in relation to the processing of their data. The DPC can be contacted as follows:
Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
Phone: (0761) 104 800 or (057) 868 4800