Roselle May Advincula

Project type: Ghostwriting, Research Client: Forum Contributor for guides and commentaries Status: Published (www.gdprcommunity.com) Niche: Technology, Data Security Tusla Becomes the First Ireland-Based Organization to be Fined Under GDPR Child and family agency, Tusla, has become the first organization in Ireland to be fined for breaching the GDPR. The agency was fined €75,000 after investigations into three privacy breach cases confirmed that information about children and families under their supervision were disclosed to unauthorized parties. The fine was confirmed by the Data Protection Commission in the lodgment of the case against Tusla in the Circuit Court on May 15, 2020. Tusla will not contest the court's decision. “We have fully engaged with the DPC in their three investigations which are largely based on breaches identified by Tusla and reported to the DPC in a timely fashion,” a spokeswoman from the agency said. Guide on GDPR’s Fines and Penalties Information about GDPR's fines and penalties can be found on the regulation's Article 83: 4. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to- EUR, or in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: a) the obligations of the controller and the processor pursuant to Articles 8, 11, 25 to 39 and 42 and 43; b) the obligations of the certification body pursuant to Articles 42 and 43; c) the obligations of the monitoring body pursuant to Article 41(4). 5. Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to- EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher: a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9; b) the data subjects’ rights pursuant to Articles 12 to 22; c) the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 44 to 49; d) any obligations pursuant to Member State law adopted under Chapter IX; e) non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority pursuant to Article 58(2) or failure to provide access in violation of Article 58(1)