Tusla Child and Family Agency

€85,000

Insufficient technical and organisational measures to ensure information security

Decision Date

August 12, 2020

Authority

Data Protection Authority of Ireland

IE

Sector

Public Sector and Education

Country

IE

Law

GDPR

Status

FINAL

Description

The Irish DPA (DPC) fined Tusla Child and Family Agency EUR 85,000. The controller had reported 71 data breaches to the Irish DPA that occurred between May 25 and November 16, 2018, and concerned the unauthorized access of personal data processed by the controller. After a broad investigation, the DPA concluded that the controller failed to implement adequate technical and organizational measures to protect the data processing and thus violated Art. 32 (1) of the GDPR.

Legal Citations

Art. 32 (1)

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Italian Data Protection Authority (Garante) - Comm...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.