Eilis McDonald & John Magee Tusla, Ireland’s child and family agency, has become the first organisation fined under the GDPR in Ireland. The Irish Data Protection Commission (DPC) filed papers in the Circuit Court on Friday to confirm the €75,000 fine against the Agency.
Tusla collects and processes highly sensitive, often special category data concerning children, vulnerable women and families across Ireland. The DPC reported three separate statutory inquiries into Tusla in respect of a number of breaches which had been reported to it since May 2018. The breaches included various instances of inappropriate system access, accidental and inappropriate disclosure of personal data by email and unauthorised disclosure of data.