Skip to main content

Data Security Breaches

  • Inform your Head of Department/Unit about the breach immediately
  • Head of Department/Unit must inform the Information Compliance Manager (E: T: (021) 490 3949)
  • Head of Department/Unit must complete part 1 of the Personal Data Breach Report Form and email it to 
  • Act quickly! Don't Delay!

The GDPR has introduced mandatory breach notifications. All breaches must be reported to the Data Protection Commission (DPC), typically within 72 hours, unless the data was anonymised or encrypted. In practice this means that most data breaches must be reported to the DPC. Breaches that are likely to bring harm to an individual – such as identity theft or breach of confidentiality – must also be reported to the individuals concerned.

It is worth noting that a failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.

If you discover a breach or potential breach, inform your head of department who should then inform the Information Compliance Manager ( and complete Section 1 of the Personal Data Breach Report Form




Office of Corporate and Legal Affairs

Oifig um Ghnóthaí Corparáideacha agus Dlíthiúla

1 st Floor, East Wing, Main Quadrangle,