Data Protection policy

This Policy defines the arrangements in place within the setting that assures compliance to the requirements of The Data Protection Act, 1998 and General Data Protection Regulations, 2018, as relevant to the organisation’s business interests:

The Data Protection Act, 1998 and General Data Protection Regulations, 2018 address certain requirements for all organisations that collect and process personal data as part of their on-going business operations. Personal data is defined as any information relating to an “identifiable living individual” and will therefore apply to the organisation’s young people attending the setting, and their parents / carers employees and suppliers.

The Data Protection Act, 1998 and General Data Protection Regulations, 2018 apply to any data recorded in a filing system that allows personal data to be easily accessed.

The Data Protection Act, 1998 and General Data Protection Regulations, 2018 apply to records kept in hard copy (paper) format, and in computer files.

Principles of Data Protection

The organisation is committed to the enforcement of the eight data protection principles required by the Data Protection Act, 1998 and General Data Protection Regulations, 2018 in relation to the data it keeps on young people and its employees. In summary, data will:

  • be fairly and lawfully processed.

  • be processed for limited purposes and not in any manner incompatible with those purposes.

  • be adequate, relevant, and not excessive.

  • be accurate.

  • not be kept for longer than is necessary.

  • be processed in accordance with individuals' rights.

  • be secure; and not be transferred to countries without adequate protection.


In this respect the following additional policies within the documentation system are relevant:

Policy Details

The organisation will require written consent from each individual for personal data to be collected and processed. In this respect it will be taken that consent is implied through the following:

Public/Service users - by the adult/ young person /parent or carer who signs the Membership/booking Form and consent Forms for their child / children (where appropriate)

Employees - by completing the Job Application Form at onset of employment, and where the employee has not registered an objection to their data being used.

All individuals, parents, carers, and employees, have the right of access to manual and computerised records concerning their personal data.

Where it is deemed necessary to divulge personal data to a third party this will only be done with the express permission of the individual subject, ref. Confidentiality Policy.

Personal data and records will be maintained under appropriate conditions of security to prevent any unauthorised or accidental disclosure. Records can be hard copy (paper) format and computer files.