Employee Data Privacy

Ireland - GDPR National Laws

 Download as a PDF

GDPR Related National Laws & Modifications

The European Union’s General Data Protection Regulation, going into effect May 25, 2018, sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:

  • provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
  • limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
  • “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).


arrowinsandDerogations in Ireland

Ireland’s new Data Protection Act 2018 (DPA) implemented the General Data Protection Regulation in Ireland and set a few rules which may impact employers, including:

Sensitive personal data – Can be processed in certain circumstances when “suitable and specific” measures have been taken to safeguard the fundamental rights and freedoms of the employee (and other data subjects).

Examples of appropriate circumstances include when data is being processed:

  • on the basis of a legal obligation on the employer (i.e., the data controller) or employee (i.e., the data subject) relating to employment (or social welfare);
  • for legal advice/procedures or establishing/defending/exercising legal rights;
  • for the performance of a function conferred on a person by enactment or the Constitution;
  • when necessary and proportionate for insurance, life assurance policies, pensions or mortgages; or,
  • for health/social care purposes.

chuttersnap-255210Criminal background checks – Under the DPA, the processing of criminal conviction data, such as  background checks, is allowed in specific situations, including: with the individual’s consent; when necessary and proportionate to perform a contract to which the individual is a party (or, to take steps at the request of the individual prior to entering a contract); or, the processing is necessary for legal advice/proceedings or for establishing/exercising/defending legal rights. That said, it’s generally not legal for employers to request criminal records on employees and job applicants. One exception to this rule is when an employee or job applicant will have access to, or contact with, children or vulnerable individuals. Employees and job applicants have to request their criminal records directly from the authorities (the employer cannot request them).

Access requests – Employers cannot require employees, job applicants or contractors to make access requests or provide personal data that was obtained as a result of an access request.


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk