Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

 Customs Information System (CIS)

 
The Customs Information System (CIS) is a computer system centralizing customs information aimed at preventing, investigating and prosecuting breaches of Community customs or agricultural legislation. The CIS is composed of a central database ("Central CIS") accessible through terminals in each EU Member State.
 
The CIS is regulated under a double legal basis:
 
  • Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters (hereinafter "Regulation 515/97"), as amended by Regulation (EC) No 766/2008 of 9 July 2008 , and
  • Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes (hereinafter "Decision 2009/917/JHA").
  
Article 37 of Council Regulation (EC) 515/1997, as amended by Regulation 766/2008, sets out the data protection supervision framework for data processed in the Customs Information system (CIS). In addition, in Ireland the Customs Act 2015 gives effect to Council Decision 2009/917/JHA of 30 November 2009.
 
FIDE (Fichier d'Identification des Dossiers d'Enquêtes Douanières – Customs files identification database) is an EU-wide index used in the context of the CIS. It is composed of investigation records, generated by Member States' customs and other investigation authorities for administrative purposes and for purposes of criminal investigations and prosecutions in the customs area.
 

European Supervision

 
The European Data Protection Supervisor (EDPS), the CIS Supervision Coordination Group and the Customs Joint Supervisory Authority supervise data processed within the Customs Information System (CIS).
 
In order to ensure supervision coordination for the Customs Information System ('CIS'), representatives of the national Data Protection Authorities ('DPAs') and the EDPS meet usually once a year, back-to-back with the Customs Joint Supervisory Authority ('Customs JSA'). The national DPAs represented are those of the 28 EU Member States.
 

National Supervision

 
As set out in the Customs Act 2015, the Data Protection Commission is the national supervisory authority for the purposes of the Naples II Convention and for the purposes of Article 24 of the Council Decision 2009/917/JHA of 20 November 2009 on the use of information technology for customs purposes.
 
 
 

Access Rights

 
You have the right to obtain a copy of any personal data processed about you by the Revenue Commissioners or the Department of Agriculture, subject to the restriction of any such right of access under the General Data Protection Regulation or the Data Protection Act 2018.
 
To make a Subject Access Request please see
 
 
 
 
 
Further Assistance
 
You may request that the Data Protection Commission check the CIS in order to establish whether any data about you are being processed lawfully.
 
If you experience difficulty exercising your data protection rights in relation to the CIS, you can Raise a Concern with the Data Protection Commission.