GDPR in Ireland – the facts and figures

In this excerpt from GDPR – One Year On, Alice Turley discusses the impact of the GDPR (General Data Protection Regulation) in Ireland. 


Data breach notifications in Ireland 

Figures from the DPC’s (Data Protection Commission) first annual report show that a total of 4,740 valid data breach notifications were received in 2018. This is a 70% increase on the 2017 figure of 2,795. 

There were also 4,113 complaints in 2018, 70% of which were received after 25 May 2018, the GDPR enforcement date. In comparison, 2,642 complaints were made in 2017 

Taking these figures into account, it seems people are more aware of their rights since the GDPR came into forceA recent report from the European Data Protection Board supports thiswith most supervisory authorities seeing rise in queries and complaints last year compared to 2017.  

According to the Special Eurobarometer 487a report67% of EU citizens polled have heard of the GDPRalthough just 36% of these are aware of what the Regulation entails. 

In addition, 57% indicated that they are aware of the existence of a public authority in their country that is responsible for protecting their data protection rights – a 20% increase since 2015 


Data breach types 

According to the DPC, of the data breaches notices from 25 May to 31 December last year, 85% were the result of disclosure. Disclosure is when a data subjects personal data is disclosed in errorsuch as an email or letter sent to the wrong person.  

Speaking at the Association of Compliance Officers in Ireland conference this year, Niall Cavanagh, the DPC’s assistant deputy commissioner, advised that the autocomplete function in email has caused a considerable number of data breaches. 

Meanwhile, 3% of notifications related to phishing – attacks that could have been prevented if staff had been aware of how to recognise a phishing email.   

65% of notifications came from the private sector and 35% from the public sector. 


Ireland – Data breach notification types from the DPC’s first annual report

Ireland – Data breach notification types from the DPC’s first annual report


The DPC’s report outlines several case studies where a breach has occurred, advising that each one could have been prevented if appropriate technical and organisational measures had been implemented.   


Appointment of a data protection officer  

Under the GDPRan organisation is required to provide the supervisory authority with the name and contact details of its DPO (data protection officer).  

By 31 December 2018, the DPC had received 900 DPO notifications. It also had 15 open investigations into certain multinational technology organisations. 


DPCs’ ongoing investigations 

Speaking to the Irish Times in MayHelen Dixon, Ireland’s recently reappointed Data Protection Commissioner, revealed that the DPC now has more than 50 open investigations, spanning domestic companies, publicsector bodies and US technology giants. 

17 of these open investigations are focused on multinational technology companies that have their headquarters in Ireland. Eight investigations involve Facebook.  

Its important to note that the final decision on multinational technology companies must be approved by all 28 EU data protection commissioners. That withstanding, Dixon has indicated that fines are coming towards the end of summer and are likely to be substantial.   


This is an excerpt from Alice Turley’s webinar ‘GDPR – One Year On’. To view the full webinar, click here. 


Alice is a qualified data protection, compliance and insurance professional, consultant and trainer. She is highly experienced in data protection, consumer protection and compliance, providing expert and solution-based advice to organisations within the insurance, advertising and education industries. 


Further reading: 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.