The General Data Protection Regulations ( GDPR ) were brought into law in Ireland under the Data Protection Act 2018.
A Data Breach is an incident where information is leaked or stolen. This can be due to a cyber attack by a third party but is more commonly something that happens accidentally.
Section 117 of the 2008 Act entitles the bringing of a Civil Action against the Data Controller or Data Processor involved.
In a departure from the previous law, the victim is entitled to bring a claim even if they have no actual quantifiable loss.
The intent of the Data Controller/Processor is not relevant and even an innocent mistake like sending an email to an incorrect address is actionable if it results in a breach of personal data.
What is needed to bring an Action is to establish that there was a breach of the 2018 Act and the duty of care that exists to each of us, and to show that Damage has resulted which was caused by the breach.
Claims in relation to Data Breaches which include claims for distress have to go through the Injuries Resolution Board before they will be considered by the Court hearing the Data Breach case.
If you are a Data Controller/Processor and have failed to handle personal data correctly, or if you are an individual whose data has not been correctly dealt with, we are here to advise. Please contact us here – at 01 873 5012 or info@mcgrathmullan.ie and we would be glad to assist you.