Department of Education Logo

Online Patronage Process System (OPPS)

Department of Education Logo
Online Patronage Process System (OPPS)
Data Protection

The Department of Education when processing your data or that of your child adheres to the principles of transparency, accountability and security of the General Data Protection Regulation. This Department has put in place appropriate technical and organisational measures in order to ensure – and to be able to demonstrate – that our processing of your personal data is in compliance with the higher standards of the General Data Protection Regulation (GDPR), having regard to the nature, scope, context and purposes of the processing and the risks of varying likelihood and severity that might arise therefrom for the rights and freedoms of individuals.

Accountability - Data Protection Policy

The Department’s Data Protection Policy sets out the steps to be taken by the Department of Education when processing personal data.

Accountability - Data Subjects' Rights

The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure/right to be forgotten
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

The Data Protection Commissioner has prepared a Guide to the Rights of Individuals under the General Data Protection Regulation (GDPR)

Data Subjects' Rights - How to Apply

Under Article 15 of the General Data Protection Regulation, you have a right to obtain a copy of any personal information relating to you. To access a copy of personal data held by the Department, in relation to you, please complete the Subject Access Request (SAR) Application Form. The completed form, along with some photographic identification (passport, drivers licence or Public Service Card) together with proof of address (utility bill, official letter) should be returned to the Department’s Data Protection Officer, please see contact details below.


The Department will provide the required information to you at the time personal data is collected. The Department will ensure that the information provided is detailed and specific, and that such notices are understandable and accessible In order to balance the requirements above, the Department may implement appropriate policies to make information available on its website or from schools and other educational organisations. The information provided will include information about personal data collected both directly from the data subject and from other sources.

The Department has taken steps to ensure it provides greater transparency in how it processes your personal data for specific processing activities. Please see the specific privacy notices for the various processing activities undertaken by this Department.


The Department follows best practice in order to protect the confidentiality, integrity and availability of its information processing systems and services.

Accountability - Data Protection Officer

Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at


Address: Department of Education, Data Protection Unit, Cornamaddy, Athlone, Co. Westmeath N35 X659

Phone: (090) 648 3908

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) from 25th May, 2018 replaces current data protection laws in the European Union. The new law gives individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations. GDPR also imposes corresponding and greatly increased obligations on organisations that collect this data.

You may find more information on the Data Protection Commissioner’s micro website

What is the Data Protection Act 2018?

The purpose of the Data protection Act 2018 is to give further effect to the GDPR, to transpose the separate Law Enforce Directive into national law and to establish the Data Protection Commission with the means to supervise and enforce enhanced data protection standards in an efficient manner. The GDPR which as an EU Regulation has direct effect does allow national governments a limited margin of flexibility which are provided for in Part 3 of the Act.

What is personal data?

The term "personal data” means any information relating to a living person who is identified or identifiable (such a person is referred to as a "data subject”).

A person is identifiable if they can be identified directly or indirectly using an "identifier”. The GDPR gives examples of identifiers, including names, identification numbers, and location data. A person may also be identifiable by reference to factors which are specific to their identity, such as physical, genetic or cultural factors.

What is processing?

The term "processing” refers to any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations.

What is special categories data?

Certain types of sensitive personal data are subject to additional protection under the GDPR. These are listed under Article 9 of the GDPR as "special categories” of personal data. The special categories are: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, and data concerning a natural person’s sex life or sexual orientation. Processing of these special categories is prohibited, except in limited circumstances set out in Article 9.

What is Article 10 data?

This is data in respect of criminal convictions or alleged offences.

What is a data subject?

The Data Subject is a living individual to whom personal data relates

What is a data controller?

A data controller refers to a person, company, or other body which determines the purposes and means of processing of personal data.

What is a data processor?

A data processor refers to a person, company, or other body which processes personal data on behalf of a data controller

What are the legal bases for processing personal data?

There are six different legal bases on which personal data may be processed:

  • Consent
  • Contract
  • Legal obligation
  • To protect the vital interests of the data subject or of another
  • Task carried out in the public interest or in the exercise of official authority vested in the controller

Many of the Department’s processing activities are carried out as tasks in the public interest or in the exercise of official authority to the extent that such processing is necessary and proportionate for:

  • the performance of a function of the Minister conferred by or under an enactment or the Constitution, or
  • an administration by or on behalf of the Minister of any non-statutory scheme, programme or funds where the legal basis for such administration is a function of the Minister conferred by or under an enactment or by the Constitution.

What is a retention or storage period?

Personal data should be retained/stored for no longer than is necessary for the purposes or purpose for which it is being processed. As the Department is subject to the National Archives Act, 1986 records with personal data may have to be retained for archiving where there is no disposal order from the National Archives in place with respect to that category of record.

What is meant by data-sharing?

It is where personal data may be shared between two data controllers. The sharing of data is required to have a legal basis and to be transparent.

What is a Privacy Statement?

The policy of the Department is to include a privacy statement on any forms which we may use to collect personal data as part of a processing activity. The statement will provide information on the main purposes for collecting the personal data and whether the data is being shared with any other organisation. The statement will include a link to a more detailed privacy notice and provide more details on the processing activity.

What is a Privacy Notice?

A Privacy Notice is used by the Department to provide details on each processing activity undertaken which involves personal data. It will provide you with information on the purpose; legal basis; source of the personal data where it has not been obtained from you directly (often the department as part of its functions will have received the data via a school or other educational organisation); storage period; persons or organisation to whom the data or part of the data may be disclosed to and why. The Privacy Notice will also provide you with information on your Data Subject Rights and how you can exercise these. It will include relevant contact details. For large processing activities it may provide links to further information or a more detailed Fair Processing Notice for the processing activity.

Where can I get more information about my rights under the Data Protection Act?

The Data Protection Commissioner's Website offers an explanation of the rights and responsibilities under the Data Protection Acts and information is also available from

The Data Protection Commissioner's Office
Canal House,
Station Road,
Co. Laois. R32 AP23

You can contact the Data Protection Commissioner's Office by email ( or by phone 1890 252231.

Contact Details
Address Department of Education
Data Protection Unit
County Westmeath
N37 X659
Telephone (090) 648 3908