The HSE and its IT security vendors could face legal actions stemming from the cyber attack on the health service, a barrister specialising in data law has warned. Individuals affected by data breaches can sue for compensation under the GDPR since May 2018. Barrister Ronan Lupton said the HSE could also face fines or censure from the Data Protection Commissioner. “The HSE has all of the usual obligations laid down in law as a data controller under the GDPR, summarised best as requiring data privacy by design and by default,” said Mr Lupton. The HSE is obliged to notify affected parties under the GDPR, unless the data was encrypted.

Source: Irish Independent May 18, 2021 01:30 UTC