The submission of a case in the Circuit Court by the Data Protection Commission (DPC) last week confirms the fine. Governmental or State entities can be sanctioned with fines as high as €1m in relation to breaches of GDPR.
A Tusla spokesperson issued a statement which said that the organization will not be appealing the decision of the Data Protection Commission. It said: “Tusla is acutely aware of its responsibilities in relation to the very sensitive data we work with on a daily basis. Such information is generated in several hundred thousand interactions every year.
“We have fully engaged with the DPC in their three investigations which are largely based on breaches identified by Tusla and reported to the DPC in a timely fashion. The main focus of our work with the DPC is in setting out improvement plans and more importantly implementing those. These reforms do take time in a complex and challenging environment.”
Lastly, the spokesperson said that the group is also facing two other data breach investigations but would no be commenting on those cases currently.
In relation to this she said: “We want to assure the public, as we did in February when these investigations were referred to in the DPC annual report 2019, that we are not waiting for the investigation reports to formally conclude before making improvements which are ongoing in an extensive programme.”