Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

269. To ask the Minister for Public Expenditure and Reform the number of data breaches experienced by his Department in each of the past ten years and to date in 2023. [42371/23]

Paschal Donohoe (Dublin Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The Deputy will be aware that the General Data Protection Regulation (GDPR) came into effect on 25 May, 2018. To prepare for this critical date, my Department agreed a range of new internal data protection policies including a formal data breach management policy, the objective of which is to ensure that any data breaches are dealt with as required under Articles 33-34 of the GDPR.

Since the introduction of the data breach management policy in 2018, the Department has identified and recorded 39 data breaches as set out in the table below. Of the breaches identified in the Department since then, only a small proportion warranted formal notification to the Data Protection Commissioner under the GDPR. The majority of the breaches identified were determined to be minor in nature and these were handled in accordance with the Department's data breach management policy.

** to-date in 2023