The Data Protection Commissioner's office (DPC) was unsurprisingly very busy in 2016. 

The start of the report clearly reminds us of the important role the DPC has. It states that it is 'the national independent authority with responsibility for upholding the EU fundamental right of the individual to have their personal data protected'. That's not an easy role! 

The media attention on the report has mainly focused on the breaches and investigations reviewed by the DPC. These include:

- the taking of photos of a sleeping employee - no breach was found to have occurred in the circumstances;

- a ransomware attack on a school involving pupils' data - a breach was found to have occurred;

- Bank of Ireland disclosing details of a man's loan account to his mother over the phone - a breach was found to have occurred;

- an online retailer who had exposed it's customers' credit card transactions for 8 weeks without realising it - a breach was found to have occurred and recommendations were issued by the DPC;

- unsolicited marketing by Paddy Power when people used wifi in their stores - Paddy Power pleaded guilty to this charge and paid €500 to charity;

The DPC carried out audits of several state bodies during 2016. These included the Revenue Commissioners, An Garda Síochána, the Garda Síochána Ombudsman Commission and the the Defence Forces. 

As expected the report makes it clear that the next 12 months are all about GDPR for the DPC. From 2013 to 2017 the staff of the DPC has increased from 30 to almost 100. Funding has also increased significantly to €7.5m. 

To access a copy of the report click on the link here

If you need advice on data protection and GDPR compliance please contact a member of our Employment Law & Data Protection Team.

Disclaimer:This article is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Leman Solicitors for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change.