The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Self Regulation and Codes of Practice

The requirements of data protection law are quite clear, and applying the rules and principles of data protection to your business activities is often a matter of common sense. However, for some businesses and professions, interpreting and applying data protection law is not so straightforward, and sometimes requires a fine appreciation of the ethical norms and standards, and the traditional expectations of good practice, associated with that sector. For that reason, the Data Protection Act, 1988 provides that representative trade associations should have a direct input into the establishment of data protection standards within their sector.

Section 13 of the Act provides that the Data Protection Commissioner

"shall encourage trade associations and other bodies representing categories of data controllers to prepare codes of practice to be complied with by those categories in dealing with personal data."

If the Commissioner agrees that such a code provides adequate data protection for individuals, he will formally approve it and encourage its use in the sector concerned. The Commissioner may also draw up such a code of practice on his own initiative.  The standards laid down in such a code should help organisations to apply the data protection principles to the particular situations that they face in their sector.

Have Any Codes of Practice been Approved under the Data Protection Act?

The Commissioner has formally approved the following codes of practice.

The Commissioner has also approved a Personal Data Security Breach Code of Practice.

How can my Representative Body initiate a statutory Code of Practice?

If your representative association would like to initiate a code of practice, to clarify how data protection rules are to be applied for your sector, then we suggest that your association contact the Data Protection Commissioner, with a view to arranging discussions to progress the matter. The Commissioner will be glad to provide you with practical advice on what should be covered in your code of practice, and on how circumstances specific to your sector might be handled.

Contacting the Data Protection Commissioner