Data Protection

My Department can provide the following information in relation to data breaches. When the General Data Protection Regulation (GDPR) came into force on 25 May 2018, my Department was required under Article 33(5) to document information relating to personal data breaches.

The number of data breaches in my Department in each of the past seven years and to date in 2023 are outlined in the table below:-

2016	2017	2018	2019	2020	2021	2022	1/Jan/2023 to 26/Sept/2023
Nil	Nil	5	9	11	13	18	12

The majority of data breach incidents that have occurred relate to mis-addressed correspondence by email and post. In most instances, data breaches have involved no risk or low risk to the data subject. In cases where there was a low risk to the rights and freedoms of a data subject, the Data Protection Commission was notified. A singular case arising in the above similar circumstances, but deemed to be a high risk to the rights and freedoms of an individual data subject, was notified to the data subject and the Data Protection Commission, in line with GDPR requirements.

My Department takes its data protection responsibilities very seriously and makes every effort to ensure that personal data is safeguarded at all times. Technical and organisational measures, as required under GDPR, are implemented to ensure the security of personal data being processed. Data security and data privacy are central topics of all data protection awareness campaigns rolled out to staff on a regular basis. Also, my Department has a data breach protocol in place for the management of data breach incidents.