Changeflow GovPing Data Protection Data Protection Commission Opens Inquiry into C...
Priority review Enforcement Added Final

Data Protection Commission Opens Inquiry into Children's Health Ireland

Favicon for www.dataprotection.ie DPC Press Releases (Ireland DPA)
Filed August 14th, 2025
Detected February 11th, 2026
Email

Summary

The Data Protection Commission (DPC) has opened a formal inquiry into Children's Health Ireland (CHI) concerning the security of children's health records at Tallaght University Hospital. The inquiry follows protected disclosures and a breach notification, and will examine CHI's GDPR compliance regarding physical data security.

View original document View source feed page

What changed

The Data Protection Commission (DPC) has initiated a formal inquiry into Children's Health Ireland (CHI), specifically focusing on the physical safety and security of children's health records at Tallaght University Hospital. This action stems from protected disclosures received by the DPC and a breach notification submitted by CHI. The inquiry will scrutinize CHI's adherence to GDPR obligations concerning the security of personal data and its processes for managing physical records at the specified facility.

This development requires healthcare providers, particularly those handling sensitive patient data, to review their physical data security measures and compliance with GDPR. While no specific compliance deadline is mentioned, regulated entities should ensure their data protection policies and procedures, especially concerning physical records, are robust and align with GDPR requirements to avoid potential investigations and sanctions. The DPC's action highlights the importance of stringent data security practices in the healthcare sector.

What to do next

  1. Review physical data security measures for patient records.
  2. Ensure compliance with GDPR obligations regarding data security.
  3. Verify processes for managing physical records.

Source document (simplified)

News & Media

Data Protection Commission Opens Inquiry into Children’s Health Ireland

14th August 2025

The Data Protection Commission (DPC) has today announced the opening of an inquiry into Children’s Health Ireland (CHI), relating to the physical safety and security of children’s health records within one specific CHI facility at Tallaght University Hospital (TUH).

The DPC became aware that there were potential issues at this site from a number of different sources of information, including through protected disclosures that the DPC received and also a breach notification submitted to the DPC by CHI. Having reviewed the information, the DPC conducted an unannounced site inspection on Wednesday 16 July, 2025.

This formal inquiry will examine CHI’s compliance with their GDPR obligations, in particular relating to the security of personal data and the processes that CHI have in place for managing physical records at CHI (Tallaght).

Related changes

Favicon for www.priv.gc.ca Privacy Commissioner of Canada ArriveCAN App Investigation Report
Routine Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Privacy Commissioner concludes Loblaw loyalty program investigation
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Global Data Protection Authorities Statement on AI Imagery Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.pcpd.org.hk Hong Kong PCPD Arrests Two for Suspected Doxxing
Urgent Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Global Privacy Authorities Joint Statement on AI-Generated Imagery
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection
Favicon for www.pcpd.org.hk Privacy Commissioner Reports 2025 Work and Data Security Incidents
Priority review Mar 13, 2026 PCPD Media Statements (HK) Data Protection

Source

Favicon for www.dataprotection.ie
DPC Press Releases (Ireland DPA) dataprotection.ie/en/news-media/press-releases
Data Protection
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various DPAs (CNIL, BfDI, AEPD, etc.)
Filed
August 14th, 2025
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Healthcare providers
Geographic scope
Ireland

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Healthcare GDPR

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Data Protection alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when DPC Press Releases (Ireland DPA) publishes new changes.

Free. Unsubscribe anytime.