The Data Protection Commission handled more than 10,000 cases last year, a 9% increase on the previous year.

6,628 valid data security breaches were notified to the commission over the period, up 10% on 2019, with unauthorised disclosures making up the vast majority.

The details are contained in the DPC's annual report for last year which was published this morning.

It shows that at the end of December, 83 statutory inquiries were being carried out by the regulator, including 27 that were being conducted across borders.

Among those were nine involving Facebook, three each focused on Instagram, Twitter and Apple, two on Google and WhatsApp and one was looking at LinkedIn.

56 statutory inquiries were also under way into a range of domestic bodies, including 31 local authorities and An Garda Síochána over the use of surveillance technology for law enforcement.

An inquiry was also under way into Bank of Ireland over a potential unauthorised disclosure arising from the misconfiguring of new customers' Banking 365 profiles in a way that a customer could inadvertently access the personal data and current account of a different customer.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

Inquiries were also under way into the Catholic Church, the Health Service Executive (3), the Department of Social Protection(2), Tusla (3) and the Irish Prison Service.

The Teaching Council was also the subject of an inquiry around the phishing of two email accounts held by staff and email redirection rules that saw the unauthorised processing of 332 emails containing personal data of a large number of data subjects.

Last year also saw the DPC issue its first fines under GDPR (General Data Protection Regulation), levying penalties against Tusla.

It also issued its first fine to a big tech company under the regulation, when in December it hit Twitter with a sanction of €450,000 for a data breach.

Data Protection Commissioner Helen Dixon

A draft decision was also submitted by it to other European data protection regulators for consideration under GDPR procedures in the case of WhatsApp's compliance with its transparency obligations under the regulation.

Three big tech firms' projects were postponed or revised over the year, when supervision action by the DPC raised issues around their implications for the rights and freedoms of individuals.

The DPC received a total of 4,660 complaints under GDPR over the 12 months, and concluded 4,476, of which 1,660 were received before last year.

Among the new complaints, access requests and fair processing made up half the total.

The commission acts as lead regulator for Europe for many large companies under the one stop shop mechanism and a total of 354 cross-border complaints were received by it in this regard.

The report also says that the DPC saw an increase during 2020 in the use of social engineering and phishing attacks to gain access to the IT systems of data controllers and processors.

"While many organisations initially put in place effective ICT security measures, it is evident that organisations are not taking proactive steps to monitor and review these measures, or to train staff to ensure that they are aware of evolving threats," the report said.

It also highlights the human error involved in data processing, with one financial organisation reporting a breach when a member of staff sent a photo of an account IBAN and BIC to the wrong customer, using WhatsApp.

A decision in which Ryanair was found to have infringed GDPR by failing to provide a person with a copy of a recording of a call following a subject access request is also detailed in the report.

Groupon was also found by the DPC to have infringed GDPR by requiring a customer to verify their identity by submitting a copy of a national ID document.

As in previous years, concerns in relation to direct marketing were plentiful with 147 new complaints lodged.

The regulator also began a consultation process on draft guidelines on the data protection rights of children and issued new guidance on the use of cookies and other tracking technologies on websites and online platforms.

Following this, the DPC issued enforcement notices to seven organisations late in the year for not complying with cookie and tracking rules.

Despite the growing workload of legitimate data protection complaints and breaches, Commissioner Helen Dixon said there was identifiable trends of complaints being received that "in truth, have little or nothing to do with data protection".

She said the DPC is concerned that the overall volume of complaints it receives have no identifiable data protection issue at all, reflecting "a desire on the part of many individuals to have access to an independent and easily-accessible, no-cost dispute resolution service for general grievances originating in a disparate range of personally challenging events".

Ms Dixon also said that 2020 saw a continued phenomenon of both organisations and individuals attempting to misuse the GDPR to obfuscate or pursue other agendas.