The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission
Data Protection Commissioner publishes 2017 Annual Report
The Data Protection Commissioner (DPC), Helen Dixon, today launched the 2017 Annual Report of the DPC, her fourth annual report since taking office and also announced a national public information campaign to further raise awareness of the General Data Protection Regulation (GDPR) which will apply from 25 May 2018. This report details the workings of the office throughout 2017, a year that saw a significant increase in the DPC’s budget to €7.5 million (the budget for 2018 is further increased to €11.7 million), and the extensive recruitment of a very strong team of new hires with a diverse range of relevant skills. Such increase in resources means that the DPC is now among the top tier of the most highly-resourced national data protection authorities in the EU28.
Highlights of the 2017 Annual Report include:
  • total complaints received in 2017 was 2,642, up from 1,479 in 2016 (a 79% increase) with the largest single category being “Access Rights” which made up 1,372 (or 52%) of the total;
  • 2,594 complaints were concluded in 2017, compared to 1,438 in 2016;
  • 2,795 valid data security breaches were recorded in 2017, representing an increase of 26% on the number of breaches recorded in 2016;
  • the DPC’s Special Investigations Unit continued its work in the Private Investigator sector resulting in several prosecutions;
  • the DPC also commenced an investigation in the Hospital Sector on the processing of patient data; on Tusla (the Child and Family Agency) regarding the governance of personal data concerning child protection cases; and on the Public Services Card of the Department of Employment and Social Protection;
  • a hearing in the DPC Standard Contractual Clauses (SCCs) High Court case held in February/March 2017. The judgment was delivered by Ms. Caroline Costello in October 2017;
  • six entities were prosecuted for offences under S.I. 336 of 2011 in 2017 in respect of electronic marketing. The summonses for these six cases covered 42 offences;
  • there was strong strategic engagement with the Article 29 Working Party with all plenary and subgroup meetings actively contributed at. The DPC acted as lead rapporteur on the GDPR transparency guidance; and
  • a dedicated GDPR Awareness and Training Unit was established in 2017 with responsibility for driving the DPC’s awareness activities. Central to the GDPR awareness drive was the launch of a microsite: www.GDPRandYou.ie, serving as a central hub for published guidance and a starting point for organisations seeking assistance with GDPR preparations.
The Data Protection Commissioner, Helen Dixon, in publishing her fourth Annual Report today commented that “the protection of personal data is of fundamental importance in this digital age. The Irish DPC has a critically important role to play in ensuring those protections are delivered and I’m pleased to launch my Annual Report today to highlight outcomes, progress and challenges for the past year and to raise awareness of data protection law as we move into GDPR implementation in 2018.”
In terms of the DPC’s workload in 2017, Ms. Dixon stated that “the consistent rise in the DPC’s caseload over recent years continued in 2017 and a record number of complaints (2,642) were received and concluded (2,594) by our office.
The DPC spent much of 2017 raising awareness for the GDPR and Ms. Dixon had the following message “the GDPR’s focus is on demanding accountability from organisations in how they collect and process personal data. The best results for data subjects are secured when organisations of all types deliver on their obligations to be fair and transparent. We firmly believe that organisations should see the GDPR as an opportunity rather than a challenge and that those who can demonstrate a true commitment to data protection will be rewarded in the marketplace for their services.”
For media related queries, please contact Graham Doyle, Head of Communications, Data Protection Commissioner
Mob. 087-9392359