Data Protection Commissioner report reveals data protection complaints up by 79%
The Data Protection Commissioner (DPC) launched their 2017 Annual Report last week. Some of the main highlights from the report include the following:
- The total number of complaints increased by 79% from 2016 to 2017.
- Of those complaints, data access rights made up 52% of the total complaints received in 2017.
- The DPC received 2,795 valid data security breaches. This is an increase of 26% since 2016.
- The DPC’s Special Investigations Unit continued its work in the private investigator sector which resulted in several prosecutions.
- The DPC started their investigations into the hospital sector on the processing of patient data, on Tusla (the Child and Family Agency) with regards to the governance of personal data on their child protection cases and on the Public Services Card by the Department of Employment and Social Protection;
- The DPC budget has increased significantly. In 2017 it rose to €7.5 million and in 2018 it will further increase to €11.7 million. This makes the DPC one of the most highly-resourced data protection authorities in the EU.
- The DPC set up a dedicated GDPR Awareness and Training Unit and this included their website www.GDPRandYou.ie which assists organisations in their GDPR preparations.
In relation to GDPR, Helen Dixon, the Data Protection Commissioner, had the following message: “the GDPR’s focus is on demanding accountability from organisations in how they collect and process personal data. The best results for data subjects are secured when organisations of all types deliver on their obligations to be fair and transparent. We firmly believe that organisations should see the GDPR as an opportunity rather than a challenge and that those who can demonstrate a true commitment to data protection will be rewarded in the marketplace for their services.”
The report includes several case studies that highlight a variety of data protection issues that occurred in 2017. These include cases on the right to be forgotten, loss of sensitive data, using CCTV footage in a disciplinary process and marketing offences. The case studies are useful guides that can help businesses avoid or follow best practise in how they manage their data and we share one of these cases in our HR article this week.
The report can be read in full here
In the meantime you can avail of the GDPR toolkit to conduct your GDPR audit from the SFA website which you can download here.
If you would like more information on GDPR or to discuss your requirements further please contact Helen at SFA on 01 605 1668 or at firstname.lastname@example.org or visit our GDPR section on http://www.sfa.ie/advice