The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

The Customs Information System (CIS)

The Customs Information system was established under the CIS Convention of 1995. Its aim is to assist in combating customs related crime by facilitating co-operation between European customs authorities. This is a development of the principles of the 1967 Naples Convention which dealt with mutual assistance between Customs administrations in Member States and which Ireland ratified when it acceded to the EEC in 1973. The abolition of border controls following the formation of the Single Market in 1993 was a motivating factor in developing CIS as a means to combat smuggling.

The centralised Customs Information System located in Brussels can be accessed by Member States and as this involves the processing of personal data, a number of data protection safeguards have been built into the system. The CIS only records data relating to the Customs and Excise area, with the type of personal data being limited to that specified in the Convention.

CIS operates with two separate databases. One relates to matters which are subject to European law, whilst the second relates to matters which are solely subject to national law. The Revenue Commissioners are the designated national body for the purposes of the CIS Convention. The Department of Agriculture & Food also has certain responsibilities arising from the operation of the Common Agricultural Policy. Data held on CIS may be accessed by the competent authorities in the Member States. However, only the party which has inputted data may correct, amend or delete such data.

CIS went live on 24th March, 2003.

LINK» go to Revenue website
  go to Dept of Agriculture website

National supervision
The Customs and Excise (Mutual Assistance) Act, 2001 gives effect to the CIS Convention and the Customs Cooperation Convention in Irish Law. Section 6 of the Act designates the Data Protection Commissioner as the "national supervisory authority" for the purposes of both Conventions. This gives the Commissioner authority to monitor the data handling practices of the Revenue Commissioners and the Department of Agriculture & Food in the context of the CIS Convention or the Customs Cooperation Convention. Such monitoring includes a right of inspection.

European Supervision
A Joint Supervisory Authority is established under Article 18 of the CIS Convention. The JSA is responsible for supervising CIS and consists of representatives from the national authorities, including from the Office of the Data Protection Commissioner. The JSA can inspect the central CIS database. It also offers advice and can examine issues relating to access requests.

Access Requests
A person wishing to exercise his/her right of access should do so by contacting the competent national authority, either the Revenue Commissioners or the Department of Agriculture and Food. Similarly, requests for correction or erasure of data should be addressed to the competent national authority. Complaints arising from these matters should be addressed to the Data Protection Commissioner.
A person may request that the Data Protection Commissioner check CIS in order to establish if his/her data are being processed lawfully.