What do I do if a personal data breach occurs? Corporate & Commercial

Generally, you need to report a personal data breach to the Information Commissioner within 72 hours of becoming aware of it, setting out what happened, the number of people affected, likely consequences and steps taken.

The maximum fine for serious breaches is four per cent of turnover or €20 million, whichever is the larger figure. For smaller offences the maximum is two per cent of turnover or €10 million.