Data Protection and Access Requests


The EU General Data Protection Regulation 2016/69 (GDPR) was introduced on 25 May 2018. It was transposed into Irish law by the enactment of the Data Protection Act 2018. This European and national legislation regulates the processing of personal data of a living person (known as a ‘data subject’). Essentially, this legislation is designed to strengthen the protection of the rights and freedoms of data subjects.

Tallaght University Hospital (TUH) is fully committed to the protection of the rights and freedoms of individuals whose personal data it holds. For further information on how TUH collects, stores and uses personal information relating to data subjects, please see our Data Protection Statement.

Data Controller

Tallaght University Hospital is a Data Controller for all personal data collected for the purposes of its core activities.

Your data protection rights

Under data protection legislation, you have designated rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data that is processed by TUH. Your rights are as follows:

  1. The right to be informed about the processing of your personal data
  2. The right to access your personal data
  3. The right to the rectification of your personal data
  4. The right to the erasure of your personal data
  5. The right to data portability
  6. The right to object to the processing of your personal data
  7. The right to restrict the processing of your personal data
  8. Rights in relation to automated decision making (including profiling)

Restriction of data subject rights in certain circumstances

Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the Data Protection Act 2018 contains certain provisions dealing with the restriction of the rights of data subjects (in particular, Sections 59, 60 and 61) which give further effect to the provisions of Article 23. General guidance in relation to the application of Article 23 and the related provisions of the 2018 Act have been provided by the Data Protection Commission (DPC) and is available from its website.   

Section 60 of the Data Protection Act 2018 provides for restrictions on the obligations of data controllers and on the rights of data subjects for important objectives of general public interest.

Data Subject Access Requests

To make a request, please write to the Release of Information Department at TUH. The contact details are

By postRelease of Information Department
Tallaght University Hospital
Dublin 24
D24 NR07

In your email/letter, you should: 

  • state that you are making a request under the GDPR and Data Protection Act 2018
  • provide as much information as possible about the records you require
  • specify how you would like to receive the records – that is, would you like to receive them by email or by post?

Proof of identity

Before you can be given access to personal information relating to yourself, you will be asked to provide proof of identify. This is requested to ensure that information is released to the appropriate person and sent to the correct email or postal address.

You are asked to provide two types of identification. These are as follows:

  • a copy of your identification bearing your full name and photograph (for example, passport, driver’s licence, etc.)
  • proof of address to which the materials are to be sent (for example, the top of a utility bill bearing both your name and address); this must be less than 6 months old


The time it takes to process your request can vary depending on the records you are looking for and how many other requests are being processed at the same time. We endeavour, however, to get your records to you within one month. Where it may take longer to process your request, we will contact you to make you aware of this and to give you an indication on when you may receive your information.

Allowing somebody to access your records

When making a Data Subject Access Request, you may request that your records be send to a third party who you appoint (for example, a solicitor, health professional, family member, etc.). TUH will only give your records to someone else when it has your consent to do so. Requests should be made as outlined above but we must also receive a letter signed by you, stating that you give your consent to the release of the records to the named individual. We may contact you about the request to release your records to a third party if further information or clarification is required.

Contact details for the Data Protection Officer (DPO)

Should you have questions about how TUH uses your information, or if you are concerned about any issue related to your personal data, you are welcome to contact our DPO. The contact details are as follows:

By postData Protection Officer
Tallaght University Hospital
Dublin 24
D24 NR07

Further guidance on data protection 

The Data Protection Commission (DPC) is the supervisory body for the GDPR in Ireland. Its website provides general information on the Data Protection Act 2018, the GDPR and other relevant information on the protection of the rights and freedoms of individuals in relation to the processing of their personal data. The contact details for the DPC are as follows:

By postData Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28