Tusla fined €40,000 in second GDPR breach

Tusla, the Child and Family Agency, has been fined €40,000 by the Data Protection Commission (DPC) after it sent a letter containing allegations of abuse to a third party who then uploaded it to social media.

This is the second fine that the DPC has issued under the EU General Data Protection Regulation (GDPR) since it came into force in 2018. The first fine, of €75,000, was also issued against Tusla.

Tusla reported this case to the DPC last November and the agency has confirmed that it will not be appealing the decision, The Times reports.

According to the report on the breach, it occurred 29 weeks before Tusla reported it to the DPC. In addition to the inadvertent release of the letter, the delay in reporting it fell foul of GDPR rules.

In its review of GDPR, which made the DPC the lead EU regulator for tech companies in Ireland, the DPC said it had been sent 12,500 breach notifications and that 95 per cent of those cases were now closed.

Share icon
Share this article: