Notification of data breaches to the Irish supervisory authorities

The data controllers must report data breaches to the Data Protection Commission via notification form, which is available at: It must be filled in and emailed to

Part 5 Section 85 of the Irish Data Protection Act provides that, when a processor becomes aware of a personal data breach, the processor shall notify the controller on whose behalf the data is being processed of the breach in writing without delay.

Guidelines of the Irish supervisory authorities

Breach notification are mandatory under the GDPR. Before the GDPR came into effect, the Data Protection Commission had published the “Personal Data Security Breach Code of Practice”, which has not been changed yet. It contains data-security-breach guidelines but is not binding.


Further information: