The Deputy will be aware that the General Data Protection Regulation (GDPR) came into effect on 25 May, 2018. To prepare for this critical date, my Department agreed a range of new internal data protection policies including a formal data breach management policy, the objective of which is to ensure that any data breaches are dealt with as required under Articles 33-34 of the GDPR.
Since the introduction of the data breach management policy in 2018, the Department has identified and recorded 39 data breaches as set out in the table below. Of the breaches identified in the Department since then, only a small proportion warranted formal notification to the Data Protection Commissioner under the GDPR. The majority of the breaches identified were determined to be minor in nature and these were handled in accordance with the Department's data breach management policy.
Year
|
Number of Data Breaches
|
2018*
|
9
|
2019
|
7
|
2020
|
10
|
2021
|
6
|
2022
|
4
|
2023**
|
3
|
* 25 May, 2018 onwards
** to-date in 2023