The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Data Protection Commissioner launches 2016 Annual Report

The Data Protection Commissioner (DPC), Helen Dixon, today launched The 2016 Annual Report of the Data Protection Commissioner of Ireland, her third annual report since taking office. The report highlights activities and achievements across all aspects of the office’s regulatory functions, including an increased volume of complaints being handled by the DPC, which reflects the growing awareness of, and concern for, data protection matters amongst individuals and organisations.
Highlights of the 2016 Annual Report include:
  • Establishment of the new Multinationals and Technology team to lead on supervision of multinationals.
  • Strengthened legal and technical teams.
  • Increased queries dealt with by the DPC, up on 2015 figures. (15,335 email queries processed, 16,744 calls to the helpdesk and 1,150 queries by post.)
  • Over 50 in-depth audits and inspections carried out, including of state agencies.
  • 1,438 complaints concluded in 2016, up from 1,015 in 2015.
  • 9 successful prosecutions for electronic marketing offences.
  • 2 successful prosecutions against private investigators for breaches in respect of access rights.
  • Over 100 face-to-face meetings with multinational companies.
  • 1,170 public and private sector consultation projects dealt with in 2016, up from 860 in 2015.
  • Extensive information and awareness raising activities, participating in more than 60 speaking events.
  • Initiation of the High Court case on standard contractual clauses (SCCs), seeking reference to CJEU, and the subsequent proceedings. Launch of the @DPCIreland twitter account in October, which is among the fastest   growing DPA accounts in the world.
  • Continued expansion of the DPC. Staffing numbers are now close to 70 and are expected to reach 100 by the end of 2017.
  • Commencement of intensive preparatory work in advance of the General Data Protection Regulation.
  • Increased proactive engagement with other EU data protection authorities in preparing guidance on the General Data Protection Regulation
Reflecting on the office’s activities and achievements in 2016, and looking toward the challenges of the next twelve months, Helen Dixon said; “The data protection rights of individuals need to be vigorously defended in this increasingly digital era. 2016 was a year in which the Irish DPC challenged both public and private sector bodies to do better to protect the personal data of their customers and members of the public.”
“Through guidance, inspections, enforcement and consultation, the DPC delivered real results in driving compliance with data protection law, ensuring individuals’ data protection rights are put at the centre of commercial and public projects.”
 “This increased output from the DPC has been made possible by the expanded resources of the office and the increased number of skilled staff. The next 12 months are about preparing both the office and regulated entities for the General Data Protection Regulation, which will drive accountability for - and regulation of - data protection to a new level”.

Annual Report 2016

11 April, 2017
For media queries, please contact media@dataprotection.ie or MB Donnelly, DPC Media and Communications, on (+353) (0)87 280 9802.
Notes for Editors
The Data Protection Commissioner is responsible for protecting the data protection rights of individual data subjects and enforcing the relevant obligations upon data controllers established in Ireland, including multinational companies. Under the Data Protection Acts 1988 and 2003, and in accordance with EU law including case-law of the European Court of Justice, the Commissioner is fully independent in the exercise of her functions.
The office was first established in Dublin in 1989, before de-centralising to Portarlington, Co. Laois in 2006. Since 2014, the office has had a dual-presence in Dublin and in Portarlington, and in January 2017 the office officially opened its new premises in Fitzwilliam Square. The DPC operates from both Dublin and Portarlington bases.
Individuals and organisations who have concerns about data protection matters can contact the offices of the DPC for advice, consultation and investigation as appropriate.