Subject Access Request Policy
Context and Overview Key Details
|Owner of the document||The Data Protection Unit|
|Prepared by||Data Protection Manager|
|Approved by||Data Protection Officer|
|Next review date:||Q3, 2023|
Under Article 15 of the General Data Protection Regulations (GDPR), data subjects have a right to access their personal data and to be informed of the type of data held about them by organisations, such as the Property Registration Authority (PRA).
This policy document describes how individuals can access the personal data held about them by the PRA. It sets out how the PRA responds to subject access requests, and what exemptions apply.
The right of access as set out in legislation means the PRA must:
- Inform the individual whether personal data is being held and processed;
- Give a description of the personal data, the reasons it is being processed, and if it has been given to other organisations or people;
- Where possible indicate the retention schedule for the personal data;
- Provide a copy of the data; and
- Inform them if their personal data has been transferred to a third country or an international organisation, and if appropriate safeguards were in place.
- Personal data
Article 4 of the GDPR defines ‘Personal data’ as;
“Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
- Personal data held by the PRA
The PRA collects personal data of customers only for purposes of completing and maintaining the public (National) Land Register. Personal data includes, but is not limited to, names, addresses, lodging party and applicant details. There may also be some official documents held at the point of registration, such as bank details, affidavits, correspondence, application forms etc.
- Submission of a Subject Access Request
Subject access requests may be made to Liz McDonnell, Data Protection Unit by completing the Subject Access Request Form available for download here and emailing it to DataProtectionUnit@prai.ie with “Subject Access Request” in the subject heading.
Alternatively, the form can be sent by post to Liz McDonnell, Data Protection Administrator, Data Protection Unit, Property Registration Authority, Chancery Street, Dublin 7.
Sufficient proof of identity must be enclosed with the application (e.g. photocopy of passport or driving licence) as well as information to enable us to locate any relevant personal data. Without proof of ID and address, the application may not be processed as it cannot be considered a valid request.
The PRA will communicate directly with you once a valid subject access request has been received. This contact may help you specify the exact information you wish to receive. You can help us to expedite responding to your request by giving us as much information as possible about the data you are seeking access to and limiting the range, scope and time of data sources you wish us to search as much as possible.
The PRA will reply to the requestor in the same manner as the request has been received, i.e. if request is received electronically, the PRA will reply electronically. If the request is received by post, the PRA will reply by post.
- Refusal policy
The PRA will endeavour to meet every data access request to the fullest. Refusal of a data access request will generally only be made on the grounds that:
1) ID and proof of address have not been provided;
2) The scope of the request is too vague to facilitate the appropriate search. Every effort will be made by the Data Protection Unit (DPU) to ascertain the nature of the request and respond within 30 days; or
3) The document is exempt under the GDPR and the Data Protection Act, 2018 (see 12, below).
There are no fees for the submission of a subject access request. However, in exceptional cases where a request is deemed to be manifestly unfounded, excessive due to its repetitive character or where a request for copies has already been provided a fee may be imposed.
- Completeness of review
Under Article 15 of the GDPR, the Data Controller must make every effort to ensure that the data subject receives a copy of all their data in a suitable format.
The DPU should undertake an exhaustive search of the possible categories of personal data as follows:
- Folios registered in the name of the data subject (which form part of the public Register).
- Pending applications for registration.
- Completed applications for registration – Instruments.
- Pending or completed applications for certified copies.
- Letters/e-mail correspondence documents.
- Ordnance Survey updates.
- Third-party data
Once the information has been collected, we will consider our obligations to protect the privacy of other data subjects. The person(s) preparing our response will consider the rights of third parties and any obligations of confidentiality which may apply, in addition to any relevant exemptions under the GDPR. Where the identity of third parties would be disclosed in data which related to you, we may either blank out (redact) that data to protect the privacy and confidentiality of such third parties or may provide you with an extract from the data instead of the original sources material.
- Final reply
All valid subject access requests will be completed within one month of receipt of the sufficient proof of identity. In the unlikely event that the request cannot be completed within this timeframe, the PRA can apply an extension period of up to two months as available under Article 12, sub section 3 of the GDPR. Notification will be given to the applicant if such is the case.
Where a document cannot be found following a number of searches, the data subject will be notified of this in their final reply.
- Exemption for access under data protection
There are a number of records exempt from data protection legislation which, as a result, are not subject to data access requests and they are as follows:
- Folios and Maps which form part of the Public Register
The Irish Land Register is a public record and any person, as provided for under Rule 165 of the Land Registration Rules 2012, may inspect the folios and maps, on payment of the prescribed fees. In this regard data protection legislation, as provided for under Section 60(7) (m) of the Data Protection Act 2018, does not apply to the data contained in the folio given that the land register is a public register.
- Completed Applications for Registration – Instruments
Access to Land Registry Instruments is governed by Rule 159 of the Land Registration Rules 2012 and therefore access to an Instrument cannot be granted under data protection legislation as part of a subject access request.
- Court Registered files
where personal data is held on a court file, it should be noted that all records created in relation to court proceedings are considered court records and therefore fall solely under the control of the courts. Accordingly, it is a matter for the Judge to decide whether, and in what format, access to the record is to be provided.
- Folios and Maps which form part of the Public Register
- Contact details
The PRA takes data protection very seriously and will endeavour to ensure that your data is protected at every stage. However, you have the right to query and or complain either through the Data Protection Unit, Data Protection Officer or Data Protection Commission.
Data Protection Unit and Data Protection Officer
In writing: Data Protection Unit, Property Registration Authority, Chancery Street, Dublin 7.
By email: DataProtectionUnit@prai.ie
Data Protection Commission
In writing: Office of the Data Protection Commissioner. 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.
By email: email@example.com
- Further information
For further information on data protection in the PRA, please see our Data Protection Policy at https://www.prai.ie/data-protection/