Breach-report

The first annual report of the Irish Data Protection Commission (IDPC) reveals that the number of data security breach notifications has escalated since the implementation of the EU’s new data laws.

In total, 4,470 valid data security breaches were brought to the attention of the IDPC in the 2018 calendar year, representing a sobering 70% increase on the total number of 2,795 recorded in 2017.

Also through 2018, the IDPC received 4,113 complaints – up 56% on the total number of complaints (2,642) received the year before.

The figures demonstrate a rapidly-growing awareness among organisations and consumers about the importance of data protection and privacy.

The Data Protection Commissioner, Helen Dixon, said:

“The rise in the number of complaints and queries demonstrates a new level of mobilisation to action on the part of individuals to tackle what they see as misuse or failure to adequately explain what is being done with their data.”

Commenting on the impact the introduction of GDPR has had, Ms Dixon stated:

“Although we are still in the stage of having to bust some myths and misunderstandings that have built up around the GDPR, we feel very optimistic about the improvements we will see in Ireland in personal-data-handling practices over the next few years.”

Looking towards the future, Ms Dixon said:

“We look forward to industry embracing Codes of Conduct and raising the bar in individual sectors in terms of standards of data protection and transparency, which is why we have launched a large-scale consultation around the processing of children’s data, the results of which will be reflected in a best practice guidance note for industry.

“The Irish DPC has been in expansion mode for the past four years and we are not stopping now. Following a major recruitment campaign in 2018, 25 new staff had joined the DPC by the end of December, with a further 25 coming on board in January 2019, so that the DPC has grown to 135 staff.

“We will recruit an additional 30 staff this year in order to meet the demands of the tasks assigned under the GDPR and to deliver public value in what is an area of critical importance to society.”