Data protection - HSE staff

Data protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data.

We must lawfully and fairly process personal data about service users, employees, suppliers and other individuals.

This page contains guidance and forms to help HSE staff in understanding the requirements of data protection regulation.

Glossary of data protection terms (PDF, 363KB, 2 pages)

Data protection and password security

Your login details must be kept private. This helps to keep data secure for our patients, service users and staff.

Updated information on dealing with data breaches

Information about personal data breaches, reporting a breach and common examples of personal data breaches across HSE in 2021

International transfers of personal data

Special rules apply to international transfers of personal data. Transferring personal data to a destination outside the EEA (known as a third country) must comply with transfer mechanisms prescribed by GDPR.

Record of processing activities (ROPA)

To comply with article 30 GDPR, the HSE must retain a record of processing activities (ROPA), demonstrating how we comply with data protection regulations and amending incorrect data. HSE staff responsible for data collection and processing personal data for a service must complete the ROPA.


Fundamentals of GDPR training

Reduce the risk of a data breach - guidance on safer use of email, handling paper records and protecting personal data (videos)

Policies and guidelines

HSE data protection policy

Password privacy reminder (Word, 60KB, 1 page)

Data protection procedures for handling requests for access to records (PDF, 330KB, 8 pages)

Data protection summary leaflet (PDF, 167KB, 2 pages)

Privacy notice employees (PDF, 380KB, 8 pages)

Privacy notice for patients and service users

General Data Protection Regulation (GDPR) - it's everyone's responsibility (PDF, 389KB, 10 pages)

Data breach guidance (PDF, 404KB, 6 pages)

Forms and template letters

Data breach

Data breach incident reporting form (internal) (to be completed by HSE employees and their line manager). Refer to Data breach guidance (PDF, 404KB, 6 pages)

Data breach incident reporting form (external) (to be completed by data processors when notifying the HSE as a data controller)

Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA) process guidance (PDF, 213KB, 10 pages)

Privacy Impact Assessment (PIA) form. Refer to Data protection procedures for handling requests for access to records (PDF, 330KB, 8 pages)

Subject Access Request (SARS)

Subject Access Request (SARS) form (PDF, 76KB, 1 page)

SARS form as gaeilge (PDF, 171KB, 1 page)

Template letters

Data protection and GDPR template letters (Word, 51KB, 14 pages)


Request for rectification/erasure of personal data under GDPR (PDF, 209KB, 3 pages)

GDPR data disclosees (PDF, 141KB, 3 pages)

GDPR records of processing activities template (Excel, 580KB)

GDPR faqs (PDF, 178KB, 7 pages)


Subject Access Requests (SARS) poster (PDF, 221KB, 1 page)

Subject Access Requests (SARS) poster as gaeilge (PDF, 81KB, 1 page)

Data protection notice (Powerpoint, 495KB, 1 page)

GDPR staff notice (PDF, 110KB, 1 page)

Personal data in the HSE poster (PDF, 74KB, 2 pages)

Privacy poster (PDF, 179KB, 1 page)

Reduce your risk of a data breach

Reduce the risk of a data breach - guidance on safer use of email, handling paper records and protecting personal data


Data Protection Officer

Orlaith Magee, Acting DPO and Head of Data Protection


Area Data Protection Officers

Deputy Data Protection Officer West (excluding voluntary agencies)

  • CHO 1 – Cavan, Donegal, Leitrim, Monaghan, Sligo
  • Community Healthcare West – Galway, Mayo, Roscommon
  • Mid-West Community Healthcare – Clare, Limerick, North Tipperary
  • Saolta Hospital Group

Phone: 091 775 373
Address: Consumer Affairs, Merlin Park University Hospital, Galway

Deputy Data Protection Officer Dublin North-East (excluding voluntary hospitals and agencies)

  • Midlands, Louth, Meath Community Health Organisation
  • Community Health Organisation Dublin North City & County
  • CHO 6 – Dublin South East, Dublin South and Wicklow
  • RCSI Hospital Group
  • National Children’s Hospital

Phone: Kells Office: 046 925 1265
Phone: Cavan Office: 049 437 7343
Address: Consumer Affairs, HSE Dublin North East, Bective St., Kells, Co Meath

Deputy Data Protection Officer Dublin mid-Leinster (excluding voluntary hospitals and agencies)

  • Dublin Midlands Hospital Group
  • Ireland East Hospital Group
  • Community Healthcare Dublin South, Kildare and West Wicklow

Phone: Tullamore Office: 057 935 7876
Phone: Naas Office: 045 920 105
Address: Hospital Campus, Arden Road, Tullamore, Co. Offaly

Deputy Data Protection Officer South (excluding voluntary hospitals and agencies)

  • Cork and Kerry Community Healthcare
  • CHO 5 – Carlow, Kilkenny, South Tipperary, Waterford, Wexford
  • UL Hospital Group
  • South South-West Hospital Group

Phone: Cork Office: 021 492 8538
Phone: Kilkenny Office: 056 778 5598
Address: Consumer Affairs, HSE South, Ground Floor East, Model Business Park, Model Farm Road, Cork T12 HT02

General Data Protection Guidance Regulation (GDPR)

Data Protection Commission

Health Research Board

European Data Protection Board statement

HSE Data Protection and Research

Page last reviewed: 04/11/2021
Next review due: 04/11/2024