RTE’s notification of a data breach leaves the national broadcaster open to a fine of up to €20m

A newsroom memo that named a sports star in relation to allegations of sexual assault and was leaked and posted on social media has led RTE to notify the Data Protection Commission (DPC) of a data breach.

The DPC confirmed the notification from RTE and said it fell within the EU’s General Data Protection Regulation (GDPR), leaving the national broadcaster open to a fine.

Under GDPR, a data controller, in this case RTE, must notify an individual or company whose data has been compromised and their privacy affected.

As RTE carries out commercial activities in addition to its public service remit, its failure to comply with GDPR could result in a fine of up to €20m, depending on the severity of the breach. The maximum