General Data Protection Regulation

HSELanD has been working extensively in the lead up to the GDPR compliance deadline of May 25th 2018. As a valued member of HSELanD we are obligated to provide a mechanism for you to be able to contact us if you have any queries or quests in relation to your data.

Please do not use the below facility to report issues such as login difficulties or technical issues. For this type of query or support, please refer to the Help section on the HSELanD homepage.

If you wish to make a GDPR related request or query, please complete and submit in the provided facility below:

Please note:

Under the terms of GDPR, HSELanD has one calendar month to respond to your request or query.

Frequently Asked Questions

Below are some FAQ's in relation to HSELanD position on GDPR principles.

The EU’s General Data Protection Regulation (GDPR) was introduced to unify all EU member states' approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU.

GDPR protects EU citizens from organisations using their data irresponsibly and puts them in charge of what information is shared, where and how it's shared.

The GDPR is due to come into force on 25 May 2018, it will still apply to all businesses handling EU residents' data, effectively replacing the Data Protection Act 1998.

Under Article 6 of GDPR the following lawful basis for processing data applies:

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

HSELanD processes personal data relating to corresponding training records to comply with its legitimate interest to provide employee training details to various organisations and employers within the Irish Health Services and in ultimately serving the legitimate interest of our clients and service users.

Under GDPR Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

  • Details of this can be viewed in our Privacy policy located in HSELanD’ s footer and also is presented at sign-up and profile registration update.
  • If at any time any change in conditions to your individual rights are made, you will be informed and presented with this information.

Under GDPR Individuals must have the right to access their personal data.

  • This is commonly referred to as subject access.
  • Individuals can make a subject access request by using the submission form opposite. (Select Subject – Individual access request)
  • HSELanD has one month to respond to a request.
  • There is no charge or fee to deal with a request in most circumstances.

As stated, you have the right to request a copy of the information that we hold about you.

However, all of the information we hold about you is fully transparent and available to you by simply logging onto Access in HSELanD is provided for you to run, print or download a (Machine transferable) report of all your personal data held within HSELanD.

GDPR states that you have a right to data portability, allowing individuals to obtain and reuse their personal data for their own purposes across different services.

  • HSELanD Provides access for you to run, print or download a report of all your personal eLearning, classroom & profile data within HSELanD.
  • This will allow you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

GDPR states that Individuals have the right to request the restriction or suppression of their personal data.

  • This is not an absolute right and only applies in certain circumstances.
  • By reviewing and proceeding with registration (thus accepting our privacy policy) you are providing HSELanD with consent to process your data.
  • If an individual has a wish to challenge this, you can do this by using the submission form opposite. (Select Subject – Restrict processing request)
  • HSELanD has one calendar month to respond to a request.
  • This right has close links to the right to rectification (Article 16) and the right to object (Article 21).

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.

  • If you have a query or request in relation to the accuracy of your data, please submit by using the submission form opposite. (Select Subject – Rectification request)
  • HSELanD has one calendar month to respond to a request.
  • In certain circumstances we can refuse a request for rectification. However, we will explain any such decision to you directly.
  • This right is closely linked to the controller’s obligations under the accuracy principle of the GDPR (Article (5)(1)(d)).

The GDPR introduces a right for individuals to have personal data erased.

  • The right to erasure is also known as ‘the right to be forgotten’.
  • Individuals can make a request for this by using the submission form opposite. (Select Subject – Right to be forgotten)
  • HSELanD has one month to respond to your request.

Please note in HSELanD’s case the aforementioned right is not absolute, we will review and revert in regard to your request, however HSELanD’s position is that of its funder (HSE) which clearly sets out in its HSE Records Retention Policy of 2013 HR Section P 38 that all training records in both hard copy and electronic format are to be retained’ indefinitely’ Training records ‘per se’ require the personal data as identifiers.

Access to HSeLanD data is strictly controlled and only available through a limited number of authorised personnel in each organisation.

All requests for HSELanD data pertaining to Learning and Development reports are assessed for GDPR compliance.

  • You can request access to this Data by using the submission form opposite. (Select Type - Data Provision Authorisation)
  • Your request will be reviewed by a member of the HSELanD team and dealt with appropriately either by referring you to the appropriate pre-authorised Data Access Manager for your service or you will be provided with a form to complete.
  • The information in this form will be used in the administration of your data enquiry in line with our responsibilities under the Data Protection Act (1988 & 2003). It will be treated as confidential and will not be supplied to any third party.