GDPR in the HRB

General Data Protection Regulation

The General Data Protection Regulation (GDPR) 2018 outlines the legal obligations that are attached to personal data that is held by The Health Research Board. The Health Research Board is committed to protecting the rights and privacy of individuals in accordance with this act.

The HRB’s obligations under the GDPR are as follows;

  1. Obtain and process the information fairly.
  2. Keep it only for the one or more specified and lawful purposes.
  3. Process it only in ways compatible with the purposes for which it was given.
  4. Keep it safe and secure.
  5. Keep it accurate and up to date.
  6. Ensure it is adequate, relevant and not excessive.
  7. Retain it no longer than is necessary for the specifies purpose or purposes.
  8. Give a copy of his/her personal data to that individual, upon request.


Our general policies are available to read and / or download from our website.

Under GDPR, an individual has a right to obtain a copy, clearly explained, of any information relating to them kept on computer or in a structured filing system, by any person or organisation.

When making a request, you should give any details you have that would help us identify you and to locate all the information that we may keep about you – for example, any previous addresses, date of birth, reference number from previous contact with the Department.

You can make a Data Subject Access Request from our website.


GDPR queries

Please send any general GDPR-related queries to e


Download HRB GDPR documents