Child and family agency Tusla has accepted a €40,000 fine from the Data Protection Commission (DPC) for a breach that involved it mailing a letter detailing allegations of abuse to a third party who then posted the correspondence on social media.
The fine is just the second that the DPC has issued since 2018, when the General Data Protection Regulation (GDPR) came into force across the European Union. The DPC’s first fine of €75,000 was also against Tusla.
Tusla reported the most recent case to the DPC last November. The agency confirmed last week that it would not be appealing against the fine, of which it had been notified earlier this month. Details of the case are set out in a two-year review of the