It has been reported to the European National Data Protection Commissioners that Ireland has the second highest levels of GDPR breach cases per capita with 10,516 reports between May 2018 and January 2020, and 6,716 from last year alone.
Shockingly, this amounts to 132.5 data breaches notified per 100,000 people since January 2019. This level of GDPR breaches and data breaches notified to the Data Protection Commissioner is both encouraging and disappointing.
The extent of GDPR data breach reporting is encouraging because it reflects a growing understanding by the Irish population of the importance of data protection and the extent of data protection available from our legislation. It also shows an awareness for non-compliance combined with a growing resolve and determination by Irish people to vindicate data protection rights and enforce data protection remedies.
Despite this, it is simultaneously ironic that out of the 10,516 cases reported to the Data Protection Commissioner, only a fraction of these cases have been referred to Data Protection Solicitors and Data Breach Solicitors for prosecution of civil proceedings. There appears to be a general lack of understanding that while referral of a data breach to the Data Protection Commissioner may result in substantial fines for the recalcitrant data controller, this is of little benefit to the subject of the data breach. This is because the fines are paid to the Data Protection Commissioner’s offices and not to the subject of the data breach. Citizens do not appear to understand that a data breach is a breach of your fundamental human rights.
Data Protection rights and laws entitle the subject of a data breach to compensation if the breach is recovered through civil proceedings. This can be organised when the subject of the data breach instructs their Data Breach Solicitor to prosecute the data controller by way of civil proceedings for data breach in the civil courts. In reality, this is the only by-way of instructing a data solicitor to prosecute civil proceedings for data breach. In this occasion, the data breach subject will receive a remedy and a measure of compensation. It is only by victims going through with this that effective enforcement and policing of data protection occurs as intended by the Data Protection Act.
Unfortunately, in spite of the extent of publicity prior to the passing of GDPR into law, it seems that many data controllers do not appear to appreciate that data protection is a human right which must be safe guarded at all times. Worryingly, many companies that process personal data do not enforce proper and amplified procedures for data audits, data security, data storage and data deletion. These measures must be put in place to safe guard the data subjects rights. From studying the reports of GDPR breaches over the years, it is clear that there has been an inadequate appreciation by data controllers both of the importance of data protection and the extent of the obligations highlighted to data subjects by the data protection legislation GDPR. If the parties subject to data protection are to demand that there is adequate enforcement and protection of data security rights, or find that they have been subject to illegal data breach and seek a remedy and enforcement should instruct their data breach or data protection Solicitor or MyCase Law Firm.