The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission



Case Study 1/00 An Garda Síochána
An individual wrote to An Garda Síochána seeking access under the Data Protection Act to all personal information held about him on computer. He gave his full name and address, and enclosed a postal order for £5.00 (the maximum fee payable for an access request).
view more

Case Study 2/00 Department of Education & Science
A group of teachers, all members of a particular trade union, was engaged in industrial action against the Department of Education & Science. The Department decided to withhold pay from the individuals for days on which, arising from their industrial action, the individuals were not – in the view of the Department – properly performing their work duties. In order to do this, the Department used the payroll database to identify those individuals who were members of the trade union, and pay was withheld from those individuals.
view more

Case Study 3/00 Mobile Telephone Company
The complainant in this case had difficulty when he attempted to purchase a mobile telephone from a shop. The shop took his details on a sign-up form, and telephoned the mobile phone company to activate the service, which was to operate on a contract basis. The mobile telephone company declined to accept the complainant as a customer, and refused to give reasons.
view more

Case Study 4/00 Financial Institutions
An individual made an access request to the Irish Credit Bureau (ICB), the main credit referencing body in Ireland, to see his credit record. On receiving the information, he noticed that a number of financial institutions, with which he had never had any dealings, had viewed his credit record.
view more

Case Study 5/00 Eircom
Eircom, a telecommunications company, maintained a large database of its telephone subscribers, some of whom were ex-directory. In the context of providing directory enquiries services, the company included the name and address of ex-directory subscribers, although the telephone number was blocked. Other telecommunications companies were allowed access to the Eircom subscriber database for the purpose of providing competing directory services, but data about ex-directory customers was withheld.
view more

Case Study 6/00 Financial Institution
An individual wrote to me expressing his concern that when using his Laser card – a type of debit card that can be used in shops for cashless transactions – his home address was printed on the receipt slip. Since retailers keep a copy of the receipt slip, the individual felt that his private details were being disclosed unnecessarily by his financial institution, which was responsible for the Laser card.
view more