The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Guidance Notes for Registration

The following is not intended to constitute a legal interpretation of the requirement to register.


What is Registration?

Registration is the process by which data controllers and data processors (organisations that process personal data) inform the Data Protection Commissioner of certain details about their processing of personal information. These details are used by the Commissioner to make an entry describing the processing in a register that is available to the public for inspection here.


The principal purpose of registration is transparency andopenness. It isa basic principle of data protection that the public should know(or should be able to find out) who is processing their personal information as well as other details about the processing (such as why the processing i taking place).


Who is required to register?

The main categories of data controller required to register with the Data Protection Commissioner (if they hold personal data on computer) are:

  • Government Bodies / Public Authorities
  • Banks and financial / credit institutions
  • Insurance undertakings (not including brokers)
  • Data controllers whose business consists wholly or mainly in direct marketing
  • Data controllers whose business consists wholly or mainly in providing credit references
  • Data controllers whose business consists wholly or mainly in collecting debts
  • Internet access providers
  • Telecommunications network or service providers
  • Health professionals processing personal data related to mental or physical health
  • Data controllers processing genetic data
  • Data controllers whose business consists of processing personal data for the supply to others, other than journalistic, literary or artistic purposes.


Any data processor processing data on behalf of a data controller in one of these categories must also register.

The legislation governing registration is complex. For more detailed and specific information, please view our detailed guidance here.


How do I Register?

Please note as part of a government initiative to eliminate paper and cash based payment processes and migrate to electronic alternatives, 19th September 2014 has been designated as ‘e-Day’. After this date this Office will no longer be able to accept cheques as payment from business users.


After this date the following options may be used to make payments

·         Pay online using Laser MasterCard or Visa. Simply visit our website and under the Registration section, follow the links to On –Line Registration.

·         Pay by Electronic Fund Transfer (EFT): It is not possible to register online and make your payment by EFT. If using this method of payment, you will need to submit a manual registration application together with a note indicating that you have made payment/made arrangements for payment to be made by EFT. Please contact our Office on 057-8684800 to obtain the necessary bank details for EFT payment.



What is the fee for registration?

Processing fee for Applications / Renewals


Postal Applications

On-Line Applications
(Visa, Debit or Mastercard)

Applicants with 26 Employees or more (inclusive)



Applicants with 6 to 25 Employees (inclusive)



Applicants with 0 to 5 Employees (inclusive)






The Registration Cycle

The registration period is one year from the day we receive your correctly completed form with the appropriate fee. Your entry will then expire unless it is renewed. A renewal reminder letter will be sent to you approximately 3 weeks prior to your renewal date.


It is very important that we receive payment of the renewal fee prior to the expiry of your entry on the register.


At renewal time you will be asked whether there have been any changes to your registration (there is no extra fee if amendments are done at this stage). A letter will be sent to you to confirm that your entry has been renewed and providing the new expiry date.


Removing your register entry

If you consider that registration ceases to be necessary at any time during the registration period, you should write to us with full details and your registration number. Provided it is appropriate to do so, we will remove your entry from the register. We will then write to you to confirm that the entry has been removed.


Changes of legal entity

A register entry is not transferable from one data controller to another; if there is a change in the legal entity of the data controller, a new entry must be made in the register. Examples of changes in legal entity are when a sole trader becomes a partnership or a partnership becomes a limited company. If your previous entry is no longer required you must write in to request removal of your register entry.