Aidan Farrelly (Kildare North, Social Democrats)
Link to this: Individually | In context | Oireachtas source

1099. To ask the Tánaiste and Minister for Justice and Equality if he will provide a schedule of fines issued to his Department and the Irish Immigration Service in respect of breaching general data protection, by year, from 1 January 2020 to date in 2025; and if he will provide a breakdown by amount, year and breach criteria cited [10813/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context | Oireachtas source

I can confirm that my Department has not, to date, been issued with any fines in respect of breaching general data protection rules. This includes the areas of my Department that provide immigration services.

My Department is committed to protecting the rights and privacy of all individuals in accordance with the EU General Data Protection Regulation, 2016/679 (GDPR) and the Data Protection Act 2018. My Department complies fully with data breach reporting requirements.

Securing and managing personal data in accordance with the GDPR principles is a priority and is governed by a comprehensive set of policies, procedures and systems. For example, a Department Data Protection and Records Management Steering Group operates with membership of senior personnel from across the Department to assist the Management Board and the Data Protection Officer in fulfilling their Data Protection responsibilities. My Department also has put in place a network of data stewards to champion data protection awareness in each business unit.

Further, all staff must complete compulsory data protection training in order to ensure that my Department is compliant with obligations to protect all personal data processed. This includes data protection training provided as part of staff induction and an online Introduction to Data Protection e-learning course.

My Department has implemented appropriate measures to ensure that all data held under its control is secure and is not at risk from unauthorised access. Measures for the protection of personal data are reviewed and upgraded where appropriate, on an ongoing basis.