My Department has recently received from Tusla, the Child And Family Agency a copy of correspondence referring to data breach notifications which it reported to the Data Protection Commission since the introduction of GDPR in May, this year.
The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new regulations is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
Tusla has advised me that it is not aware of specific privacy concerns or incidents having been received by, or referred to, either its data protection unit or the responsible service unit, in relation to the named organisation. Tusla has also advised that it does not request or receive personal data from the organisation referred to by the Deputy but would request statistical data from its member organisations. This statistical data is utilised in a variety of ways, but always without it being identifiable to any individual.
Tusla has advised if the Deputy is aware of a data protection breach concerning the organisation, she should make contact with its Data Protection Officer at datacontroller@tusla.ie.
The organisation referred to by the Deputy has not been in receipt of funding from Tusla since 2015.