Data Protection & FOI

DP button foi button

Data Protection

The Medical Council adheres to the requirements under the Data Protection Acts 1988 & 2003. From 25 May 2018, the Medical Council will adhere to the requirements under the General Data Protection Regulation ((EU) 2016/679) (‘GDPR’) and the corresponding Data Protection Act 2018 (currently at the Data Protection Bill stage). Broadly speaking, the GDPR enhances the rights of individuals (also known as ‘data subjects’) around the protection of their personal data. Further information on the GDPR is available below. If you would like to view our Privacy Statement, please click here. Additional information on data protection is available on the Data Protection Commissioner website, including their dedicated GDPR section, and on the Office of the Information Commissioner website.

More Information

Data Protection for Registered Medical Practitioners

If you are a medical practitioner registered with the Medical Council, and wish to find out more about the main ways in which we may use your personal information, please read below.

Your Registration
In accordance with Section 56 (1) of the Medical Practitioner’s Act, 2007, (‘MPA’) the Council shall ensure that the register is published in the prescribed manner, and in accordance with Section 56 (2) of the Act, residential addresses, telephone numbers, email addresses or similar details will not be published.

In order for the Council to assess an application for registration under Section 47(1) (f), such an application would be submitted to a medical Postgraduate Training Body approved under Section 89 of the MPA to be assessed to determine eligibility for the Specialist Division.

Your Education & Training
The Medical Council may request information from relevant bodies in relation to doctors in training and/or doctors providing training for the purposes of basic and specialist medical education and training. This is to assist in our evaluation and ongoing monitoring of our accreditation and inspection activity of Medical Schools, Clinical Sites and Postgraduate Training Bodies, pursuant to Part 10 of the MPA.

Your Professional Competence
In accordance with Section 91 of the MPA, the Medical Council may provide your Medical Council registration details to the Postgraduate Training Bodies or your employers to assist our monitoring of your maintenance of professional competence.

A number of times a year the Medical Council will send you an e-zine/email newsletter which will highlight important and useful information relevant to the role of the Medical Council, patient safety, useful information and guidance and other information relating to your role as a registered medical practitioner. This email letter will only contain relevant information and you will always have the opportunity to unsubscribe from these newsletters via the ‘unsubscribe’ option on the email.

Rights of data subjects

Data subjects have certain rights under the GDPR. One of these rights is to access any personal data that an organisation holds on them, subject to certain exemptions. If you wish to access your personal data please complete the Subject Access Request form.

Data Protection and Freedom of Information

The right of access to information under data protection and freedom of information legislation is similar, however data protection legislation does not apply to records of individuals that are deceased. Under data protection legislation you may request your own personal data, however under freedom of information legislation you may request information other than your own personal data. There are exemptions provided for under both sets of legislation so there are circumstances under which information may not be released but the reasons for not releasing information will be outlined in our response to you.

For more information on the differences between Freedom of Information and Data Protection, please click here.

Information on Freedom of Information is available here.

Personal data

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


On May 25th of this year the General Data Protection Regulation ((EU) 2016/679) (‘GDPR’) will come into effect across Europe. On February 1st the Irish Government published the Data Protection Bill 2018 which will transpose the GDPR into law. It will be followed by the publication of the Data Protection Act, the effect of which will be to replace the Data Protection Acts 1988 & 2003. It will enhance the rights of individuals (‘data subjects’) regarding their personal data. Personal data is a piece of information by which a person can be identified, such as a name or an email address (although personal data can take many forms). The GDPR will apply to all organisations that process personal data of data subjects who reside in the EU.

For the Medical Council, data subjects generally include members of the public, medical practitioners and employees of the organisation. Ultimately the GDPR will strengthen the rights of individuals and as an organisation, the Medical Council has a responsibility to ensure that these rights are respected. With this in mind the Medical Council will be training its employees, and updating policies and procedures as required, and ensuring that its website is as informative as possible.

For more information, visit the Data Protection Commissioner’s GDPR website.