Peadar Tóibín (Meath West, Aontú)
Link to this: Individually | In context | Oireachtas source

101. To ask the Minister for Public Expenditure and Reform the number of data breaches experienced by his Department in each of the past ten years and to date in 2024; if a breakdown will be provided on the nature of the breaches; and if he will make a statement on the matter. [41739/24]

Paschal Donohoe (Dublin Central, Fine Gael)
Link to this: Individually | In context | Oireachtas source

As the Deputy will be aware the General Data Protection Regulation (GDPR) came into effect on 25 May, 2018. To prepare for this critical date, my Department agreed a range of new internal data protection policies including a formal data breach management policy, the objective of which was to ensure that any data breaches are dealt with as required under Articles 33-34 of the GDPR.

Since the introduction of the data breach management policy in 2018, the Department has identified and recorded 50 data breaches as set out in the table below. Of the breaches identified in the Department, the majority of the breaches were determined to be minor in nature and were handled in accordance with the Department's data breach management policy. Only a small proportion warranted formal notification to the Data Protection Commissioner (DPC) under the GDPR. The minor breaches were followed up with appropriate remedial actions considered necessary by my Department’s DPO.

* 25 May, 2018 onwards

** to-date in 2024