The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Mission Statement

Office of the Data Protection Commissioner

Protecting data privacy rights by driving compliance through guidance, supervision and enforcement.


Statement of Strategy 2017 -2018

"What we do"

The office of the Data Protection Commissioner is established under the 1988 Data Protection Act, which was passed on the 13th July 1988, and came fully into force on the 19th April, 1989. The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46.The Acts set out the general principle that individuals should be in a position to control how data relating to them is used. "Data controllers" - people or organisations holding information about individuals on computer or in structured manual files - must comply with certain standards in handling personal data, and individuals have certain rights.

The Data Protection Commissioner is responsible for upholding the rights of individuals as set out in the Acts, and enforcing the obligations upon data controllers. The Commissioner is appointed by Government and is independent in the exercise of his or her functions. The Commissioner makes an annual report to the Oireachtas, the Irish Parliament. Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter, and take whatever steps may be necessary to resolve it.

The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as Government Departments and financial institutions.

The Commissioner also has a role to play in the enforcement of Electronic Communications Data Protection and Privacy Regulations (S.I. 336 of 2011). These regulations make the sending of unsolicited direct marketing messages by electronic means an offence and among other things make provision for a telephone marketing opt-out register.

In addition to his primary responsibilities, the Data Protection Commissioner also exercises functions arising from Ireland's membership of the European Union (See "European Functions") and in relation to North/South Bodies.