Katherine Zappone (Dublin South West, Independent) | Oireachtas source

To be clear, Tusla is not in breach of the GDPR in respect of the NCCIS. This system is fully compliant with the current legislation. The data protection impact assessment currently in progress was started in early 2018 and is due to finish by the end of this month. A total of 12.5 of the 17 Tusla areas were using the NCCIS system in advance of the GDPR coming into effect on 25 May 2018. The remaining 4.5 areas went live over the following two months, with all 17 areas fully live by the end of July 2018. As Deputy Wallace has indicated, a data protection impact assessment is a requirement of the GDPR. Assessments are legally mandatory only for processing operations that were initiated after the GDPR implementation date of 25 May 2018, and are particularly relevant when a new processing technology is introduced. What I am indicating here is that Tusla began a protection impact assessment in early 2018 and this is due to finish by the end of the month.

Is the Deputy seriously suggesting that I put data protection requirements above the vital need to protect children at risk? Tusla began this process in early 2018, prior to the GDPR coming into place. The agency is continuing with this and that is good practice.

See this speech in context