On March 7, 2023, the Irish Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). The Report contains details on several areas of the DPC’s work, including complaints from data subjects received by the DPC, personal data breach notifications received by the DPC and statutory inquiries conducted by the DPC.

Highlights from the Report include:

- During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”). Almost half of the complaints related to data subject access requests, while other common issues related to fair processing and direct marketing.
- During 2022, the DPC received 5,828 personal data breach notifications, 5,695 of which were valid GDPR personal data breaches. Of the notifications, 52% were from the private sector, 44% were from the public sector and the remaining 4% were from the voluntary and charity sector. The Report also includes a high-level breakdown of the categories of personal data breaches notified. The category with the highest number of notifications was unauthorized disclosure by postal material to an incorrect recipient. Other categories include unauthorized disclosure through email, lost or stolen official documents, hacking and unauthorized access of online accounts.
- During 2022, the DPC conducted 17 large-scale inquiries and imposed administrative fines in excess of €1 billion and multiple reprimands and compliance orders.
- During 2022, the DPC received 125 valid cross-border complaints as the Lead Supervisory Authority and 12 valid cross-border complaints as a Concerned Supervisory Authority.

In her foreword to the Report, Data Protection Commissioner Helen Dixon stated, “2022 was a year in which the conclusion of comprehensive DPC enforcement action brought clarity to the application and enforcement of many novel and complex issues under the GDPR.” Looking forward, the Commissioner indicated that the DPC’s work in 2023 “is set to continue this trend” as the DPC seeks to “pursue the issues of greatest consequence for data subjects, drive compliance, and, most importantly, safeguard individuals’ rights.”

Read the press release.