How to report a breach, or a suspected breach

    What is a personal data breach?

    Under GDPR, a data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. This definition extends to breaches which result from malicious conduct, lack of appropriate security controls, system or human failure, or error.

    Breaches should be reported to the Data Protection Commissioner (DPC), typically within 72 hours, unless the data was anonymised or encrypted. In practice this will mean that most data breaches must be reported to the DPC. We are legally required to notify affected individuals (Data Subjects) where a Personal Data breach is likely to result in a high risk to their rights and freedoms. For further guidance on recognising and managing a data breach, please contact us at dataprotection@mu.ie.

    Departments and Offices have to implement robust processes and procedures in place to identify and report suspected Personal Data breach incidents. These procedures should also cover errors and “near misses” for learning opportunities and in order to mitigate possible future risks. These should also include documentation of any suspected Personal Data breach, comprising the facts relating to the breach, its effects and the remedial action taken. Failure to report a notifiable breach could result in enforcement action by the Data Protection Commissioner including the imposition of an administrative fine in addition to any fines imposed regarding the breach.

    If you discover a personal data breach or suspect a breach may have occurred this must be reported immediately to the Data Protection Officer. Please contact us by email and complete the Breach Notification Form below. Once a staff member becomes aware of a data breach, the 72 hours begins, whether or not they have notified the Data Protection Office. Therefore, it is imperative that we are notified as quickly as possible.

    email: dataprotection@mu.ie
    tel: 01 708 6184 or 01 708 3654