FOI Publication Scheme
Information about the DPC
Background
Under European Union (EU) law, everyone has the fundamental right to the protection of personal data concerning him or her. The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding this right. In particular, the DPC is the Irish supervisory authority for monitoring the application of the General Data Protection Regulation (GDPR). The DPC also has functions and powers relating to other regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive (LED). The statutory powers, duties and functions of the DPC are as established under the Data Protection Act 2018, which gives further effect to the GDPR, and also gives effect to the LED.
Our Mission
Safeguarding data protection rights by driving compliance through guidance, supervision and enforcement.
Key Data Protection legislative frameworks applicable from 25 May 2018
The Data Protection Commission (DPC) is governed by a number of legislative frameworks which govern data protection in Ireland and the EU. Further information on legislation governing data protection can be found at this link.
Organisational Structure and Senior Management Biographies
The DPC website contains information on the Commission's senior management committee and organisational structure. This webpage also contains links to biographies of the senior management committee.
What we do
The Data Protection Act 2018, which became law on 25 May 2018 established a new Data Protection Commission (DPC). The new Commission is the national independent supervisory authority in Ireland with responsibility for upholding the fundamental right of the individual to have their personal data protected. The DPC’s statutory powers, functions and duties derive from the Data Protection Act 2018, General Data Protection Regulation, Law Enforcement Directive, as well as from the Data Protection Acts 1988 to 2003 which, inter alia, gives effect to Council of Europe Convention 108.
Using its statutory powers, the Data Protection Commission:
- examines complaints from individuals in relation to potential infringements of data protection law;
- conducts inquiries and investigations regarding infringements of data protection legislation and takes enforcement action where necessary;
- promote awareness amongst members of the public of their rights to have their personal information protected under data protection law;
- drives improved awareness and compliance with data protection legislation by data controllers and processors through the publication of high-quality guidance,
- engages proactively with public and private sector organisations;
- consults with organisations to assist in identifying risks to personal data protection, and offers guidance of best practice methods to mitigate against those risks;
- cooperates with other data protection authorities (including by sharing relevant information), and acts as Lead Supervisory Authority at EU level for organisations that have their main EU establishment in Ireland.
See more on our mission statement and our international work.
Strategy Statement
In its Strategy for 2022-2027, the Data Protection Commission sets out an ambitious vision for what we believe will be five crucial years in the evolution of data protection law, regulation and culture.
Annual Reports
Our most recent Annual Report covering the period 01 January to 31 December 2022 is available online.
Previous Annual Reports of the Data Protection Commissioner
Previous Annual Reports of the Data Protection Commissioner as established under the Data Protection Acts 1988 and 2003 prior to the enactment of the GDPR and Data Protection Act 2018 are available online.
Pay/Grading structures
Staff of the Data Protection Commission are Civil Servants and paid according to Civil Service pay scales. See Department of Public Expenditure and Reform for further information on Civil Service pay.
Locations and Contact
Information on how to contact the DPC.
Customer Charters
Services provided or to be provided to the public
See what we do for information on services the DPC provides to the public.
For information on the DPC consultations please click here.
Guidance for individuals on their rights under GDPR can be found here.
Responsibilities of Organisations can be found here.
How services can be accessed
Access for people who require special assistance
Contact our Data Protection Officer
Media and Outreach
Financial Statements
FOI Disclosure Log
How to make a Freedom of Information request
How to make a Freedom of Information Request
Procurement
DPC Procurement Guidelines - July 2023
The Data Protection Commission is a client of the Office of Government Procurement (OGP), which sources the vast bulk of our goods and services. The OGP publishes its pre-tender, tender and award notices on www.eTenders.gov.ie.
As of 12 July 2023, the DPC has no live tenders on the eTenders website.