Data Protection Statement


The Pensions Authority is committed to protecting the rights and privacy of individuals in accordance with the General Data Protection Regulation (the GDPR) and the Data Protection Act 2018 (the DPA). The DPA complements the GDPR and deals extensively with how the GDPR will be enforced in Ireland. Throughout this statement ‘Data Protection Laws’ should be taken as referring to the GDPR, the DPA and any amending legislation. Data Protection Laws confer rights on individuals in relation to the privacy of their personal data. Data Protection Laws also impose responsibilities on those persons holding and processing such data. The Authority collects, stores and processes certain personal data in order to carry out its functions. Personal data means any information relating to an identified or identifiable living individual.

Privacy statement

Details of the personal data that the Authority processes and how individuals can exercise their rights under Data Protection Laws can be found in the Authority’s Privacy Statement.

Data protection principles

The Authority is committed to adhering to, and demonstrating compliance with, the following principles relating to the processing of personal data as set out in Data Protection Laws.

Personal data shall be:

  • processed lawfully, fairly and transparently
  • collected for specific, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary for processing
  • accurate and, where necessary, kept up to date
  • kept in a form such that the data subject can be identified only as long as is necessary
  • processed in a manner that ensures appropriate security

Rights of individuals whose data is collected

The Authority is committed to designing and maintaining appropriate policies and procedures to protect the rights of individuals as set out in Data Protection Laws to:

  • access their personal data
  • correct their personal data
  • erase their personal data
  • restrict processing of their personal data
  • transfer their personal data
  • object to the processing of their personal data
  • withdraw consent (where we are relying on consent to process data)

In circumstances where the above rights are not available to an individual due to legal reasons, they will be notified of the reason.

Responsibilities of the Authority

The Authority’s responsibilities under Data Protection Laws include:

  • implementing appropriate technical and organisational measures to secure personal data 
  • implementing appropriate agreements with third parties who access the personal data we hold or we transfer personal data to
  • implementing data protection measures by default when we design systems and processes 
  • conducting data protection impact assessments when designing new types of data processing and using new technologies
  • maintaining procedures for data subjects to exercise their rights under Data Protection Laws
  • maintaining personal data breach procedures 
  • ensuring that adequate governance of our data protection policies and procedures are in place, including the appointment of a Data Protection Officer.

Contact details for further information

Data Protection Officer

The Authority’s data protection officer (DPO) has responsibility for ensuring compliance with Data Protection Laws. Individuals who have questions on the Authority’s compliance with Data Protection Laws can contact the DPO.

The Pensions Authority
Verschoyle House
28/30 Lower Mount Street
Dublin 2,
D02 KX27
Phone: (01) 613 1900

The Data Protection Commission

The Data Protection Commission is responsible for upholding the rights of individuals under Data Protection Laws. Individuals who feel their rights are being infringed can complain to the Data Protection Commission, who will investigate the matter, and take whatever steps may be necessary to resolve it.

The Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Phone: 01 7650100 / 1800437 737