Mr. Barry Lowry:

This legislation would not address a specific departmental matter. Obviously, the general data protection regulation, GDPR, will address organisational deficiencies if they are found out. The GDPR is very strong on penalties. As Mr. Carroll said, it approaches the private and public sectors slightly differently in terms of penalties, but the GDPR looks at the organisational role in good data stewardship.

Individual organisations such as the Department of Social Protection and Revenue will and have always had procedures and disciplines in place and so on for individual responsibilities within that system.