Mick Wallace (Wexford, Independent) | Oireachtas source

I realise that the project was in the making before the GDPR came into being, but is Tusla's privacy impact assessment now a box-ticking exercise? Rape Crisis Network Ireland, RCNI, immediately expressed concern at Tusla's statement about the absence of a PIA. The GDPR, and specifically section 76 of the Data Protection Act 2018, refer to data protection by design and by default. Section 35 of the GDPR and section 84 of the Data Protection Act 2018 specifically state that where a type of processing is likely to result in a high risk to rights and freedoms, data controllers should carry out a data protection impact assessment prior to carrying out the processing. Data protection safeguards must be designed into products and services from the earliest days of development.

I point out to the Minister that there are half a million children on these files. One might be forgiven for suspecting that Tusla is not taking this as seriously as the GDPR might recommend.

See this speech in context