The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

The Data Protection Rules

Your legal responsibilities as a Data Controller

You have certain key responsibilities in relation to the information which you keep on computer or in a structured manual file about individuals. These may be summarised in terms of eight "Rules" which you must follow, and which are listed below. Click on the links to see more information.

These provisions are binding on every data controller. Any failure to observe them would be a breach of the Act.

Certain data controllers are also required to register with the Data Protection Commissioner - see the registration section for more details.


To see how well, or how poorly, your business meets its data protection responsibilities, test yourself by using our self-assessment checklist. If you can answer yes to all of the questions, your business is in good shape from a data protection viewpoint. If you don't have a clean sheet, the checklist can help you identify the areas where you need to improve.

MENU Select Page No.