Notification of data breaches to the Irish supervisory authorities

The data controllers must report data breaches to the Data Protection Commission via notification form, which is available at: https://forms.dataprotection.ie/report-a-breach-of-personal-data

Part 5 Section 85 of the Irish Data Protection Act provides that, when a processor becomes aware of a personal data breach, the processor shall notify the controller on whose behalf the data is being processed of the breach in writing without delay.

Guidelines of the Irish supervisory authorities

In most cases breach notification are mandatory under the GDPR. In October 2019 the Irish Data Protection Commission published a new “Practical Guide to Personal Data Breach Notifications under the GDPR”, see: https://www.dataprotection.ie/sites/default/files/uploads/2019-10/Data%20Breach%20Notification_Practical%20Guidance_Oct19.pdf

Further information: https://dataprotection.ie/docs/GDPR-Overview/m/1718.htm