The Data Protection Commissioner's office (DPC) was unsurprisingly very busy in 2016.
The start of the report clearly reminds us of the important role the DPC has. It states that it is 'the national independent authority with responsibility for upholding the EU fundamental right of the individual to have their personal data protected'. That's not an easy role!
The media attention on the report has mainly focused on the breaches and investigations reviewed by the DPC. These include:
- the taking of photos of a sleeping employee - no breach was found to have occurred in the circumstances;
- a ransomware attack on a school involving pupils' data - a breach was found to have occurred;
- Bank of Ireland disclosing details of a man's loan account to his mother over the phone - a breach was found to have occurred;
- an online retailer who had exposed it's customers' credit card transactions for 8 weeks without realising it - a breach was found to have occurred and recommendations were issued by the DPC;
- unsolicited marketing by Paddy Power when people used wifi in their stores - Paddy Power pleaded guilty to this charge and paid €500 to charity;
The DPC carried out audits of several state bodies during 2016. These included the Revenue Commissioners, An Garda Síochána, the Garda Síochána Ombudsman Commission and the the Defence Forces.
As expected the report makes it clear that the next 12 months are all about GDPR for the DPC. From 2013 to 2017 the staff of the DPC has increased from 30 to almost 100. Funding has also increased significantly to €7.5m.
To access a copy of the report click on the link here
If you need advice on data protection and GDPR compliance please contact a member of our Employment Law & Data Protection Team.
Disclaimer:This article is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Leman Solicitors for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change.
During 2016, the office dealt with 15,335 queries by email, 16,744 telephone calls and 1,150 queries by posts. It opened 1,479 complaints for investigation. Some 2,224 valid data breach notifications were received by the office last year, a slight decrease on the 2,317 the previous year. It carried out 50 audits and inspections, including in-depth audits on State agencies such as An Garda Síochána, the Defence Forces, the Revenue and the Garda Síochána Ombudsman Commission with regard to their access to the communications data of individuals.