Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:


Home / News
IRISH SUPERVISORY AUTHORITY: Overview of the upcoming new breach notification web-forms

IRISH SUPERVISORY AUTHORITY: Overview of the upcoming new breach notification web-forms

The Irish Data Protection Authority (DPC) has carried out a review of the breach web-forms currently being used by data controllers to notify personal data breaches in accordance with Article 33 of the GDPR and Section 86 of the Data Protection Act 2018. On foot of this review, data controllers will be required in the coming weeks to use a revised web-form.

The purpose of the revised breach web-form is:

  • To improve ease-of-use for data controllers.
  • To streamline the method of notifying “cross-border” personal data breaches and “national” personal data breaches into a single channel.
  • To reduce common errors or misunderstandings when breach web-forms are submitted.
  • To take into consideration observations and issues previously raised by data controllers.
  • To expand the questions that are asked in order to reduce the requirement for the DPC to issue follow-up enquiries to data controllers.

Below are highlights of the changes that are being introduced to the breach notification web-form:

  • The addition of introductory “screening” questions to assist data controllers in determining whether a breach notification is required to be made and to reduce the risk of the breach notification web-form being used in error by individuals seeking to raise a concern regarding their own personal data.
  • The “national” and “cross-border” breach web-forms are combined into a single form, which brings users through the information required to assess whether the breach relates to cross-border processing and whether the DPC or another supervisory authority is competent with respect to the breach.
  • Options that are more detailed will be presented to users when selecting the type, nature and cause of the incident and the types of data involved and more guidance is provided regarding the type of information being sought by the breach web-form. This should reduce the need for follow-up clarification questions being issued by the DPC to the data controller. The new questions will also bring the breach web-form more in line with breach notification forms used by other EU supervisory authorities, facilitating the notification of personal data breaches by data controllers who interact with multiple EU supervisory authorities.
  • Character limits have been increased for fields requiring expansive answers

Data controllers should continue to consult the DPC’s guidance on personal data breach notifications in order to ensure full compliance with their obligations under Article 33 of the GDPR and section 86 of the Data Protection Act 2018.

Changes will also be forthcoming in relation to this form upon transposition of the European Electronic Communications Code into Irish law.


Recommended to you

Advanced Research