My Department is committed to protecting the rights and privacy of data subjects and adhering to obligations as a data controller under data protection legislation.
The Department deals with personal data breaches in line with the Department of Health’s Data Breach Management Policy.
Under the GDPR, the Department must notify personal data breaches to the DPC unless they are unlikely to result in a risk to data subjects. Where a breach is likely to result in a high risk to data subjects, the Department must also inform those individuals without undue delay. In certain instances, the Department has made data subjects aware of breaches, even where the high-risk threshold has not been met. The majority of personal data breaches in the Department of Health have been caused by human error.
All personal data breaches are assessed on a case-by-case basis. Once a potential breach has been detected and secured, a risk assessment is undertaken to determine the risk to the rights and freedoms of the affected data subject(s). All incidents are then logged and reviewed to prevent a similar breach from reoccurring.
| Total Breaches | Number of Breaches Notified to the DPC | Number of Breaches Notified to Data Subjects |
|---|---|---|
| 62 | 18 | 10 |