As the Deputy will be aware, the General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and any personal data breaches since its introduction are dealt with under the Regulation and the Data Protection Act 2018.
Article 4 of the GDPR defines a data breach as “‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
All of the data breaches that occurred in my Department since its establishment in 2020 are classified as unauthorised disclosure of personal data. Of the breaches that occurred in my Department since 2020, none were assessed to represent either a high or a medium risk. Two of them (40%) were classified as low risk, and the remaining three (60%) as presenting no risk.
The Data breaches which occurred in my Department were reported to the Data Protection Commission and/or the affected data subjects in line with the requirements of the legislation.
Year
|
No of Breaches Reported to Dept. Data Protection Unit
|
Reports Reported to Data Protection Commission
|
High Risk
|
Low Risk
|
Medium Risk
|
No Risk
|
2020
|
-
|
-
|
-
|
-
|
-
|
-
|
2021
|
1
|
1
|
-
|
1
|
-
|
-
|
2022
|
2
|
1
|
-
|
1
|
-
|
1
|
1/1/23 – 16/10/23
|
2
|
-
|
-
|
-
|
-
|
2
|