Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 72 Hours
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Written Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Parties: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of Breach and Notification Laws
Up to 4% of annual global turnover or €20 M

Regulation Levels
  • Breach Reporting
  • Consumer Notification
  • Third Party Management
  • Privacy Programs
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Registration with the Data Protection Commissioner (DPC) of Ireland may be different from other Member States
  •  Ireland defines certain personal information as sensitive data.  This data may have additional requirements related to data protection, data subject access, etc.
  • Sensitive personal information include but is not limited to: racial or ethnic origins; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health condition; sexual life; and any proceedings for an offence committed or alleged to have been committed by the data subject.
BAck to map