Tuesday, 1 June 2021
Department of Defence
The majority of data breach incidents that have occurred in my Department since 2018 have related to mis-addressed correspondence by email and post. In most instances, data breaches have involved no risk or a low risk to the data subject. In cases where there was a low risk to the rights and freedoms of a data subject, the Data Protection Commission was notified. A singular case arising in the above similar circmnstances, but deemed to be a high risk to the rights and freedoms of an individual data subject, was notified to the data subject and the Data Protection Commission, in line with GDPR requirements.
My Department takes its data protection responsibilities very seriously and makes every effort to ensure that personal data is safeguarded at all times. Technical and organisational measures, as required under GDPR, are implemented to ensure the security of personal data being processed. Data security and data privacy are central topics of all data protection awareness campaigns rolled out to staff on a regular basis. Also, my Department has a data breach protocol in place for the management of data breach incidents.