Irish Teacher Council – €60,000 Fine (Ireland, 2021)

€60,000Data Protection Commission2 December 2021Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Irish Teaching Council was fined EUR 60,000 for a data breach where emails were forwarded to a malicious account. This highlights the need for strong cybersecurity practices to prevent unauthorized data access.

What happened

The Irish Teaching Council experienced a data breach where emails were automatically forwarded to an unauthorized external account.

Who was affected

Individuals whose personal data was included in the 323 emails forwarded to an unauthorized account.

What the authority found

The Irish authority found that the Council failed to implement adequate security measures and did not report the breach in a timely manner, violating GDPR.

Why this matters

This case underscores the importance of timely breach reporting and implementing effective security measures. Organizations should train employees on recognizing phishing attempts and ensure quick response to data breaches.

GDPR Articles Cited

Art. 33 GDPR
Art. 5(1) GDPR
Art. 32(1) GDPR
Ireland enforcementData Protection Commission actionsAll Irish Teacher Council actions
Full Legal Summary
Detailed

The Irish DPA has imposed a fine of EUR 60,000 on the Irish Teaching Council. The Council notified the DPA of a data breach under Art. 33 of the GDPR. Accordingly, two employees of the Council accessed a phishing email that allowed them to set up an automatic forwarding system from their email accounts to a malicious email account. As a result, 323 emails were forwarded to the unauthorized external email address between February 17, 2020 and March 6, 2020. The emails contained the personal data of 9,735 data subjects and the sensitive personal data of one data subject. The DPA therefore found that the Council had failed to implement appropriate technical and organizational measures to ensure a level of protection for data subjects' personal data commensurate with the risk. In addition, the DPA found that the Council failed to report the data breach in a timely manner.

Related Enforcement Actions (0)

No other enforcement actions found for Irish Teacher Council in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 December 2021

Authority

Data Protection Commission

Fine Amount

€60,000

Enforcement Tracker ID

ETid-987

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Irish Teacher Council - Ireland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: