FOI Publication Scheme

Information about the DPC


Under European Union (EU) law, everyone has the fundamental right to the protection of personal data concerning him or her. The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding this right. In particular, the DPC is the Irish supervisory authority for monitoring the application of the General Data Protection Regulation (GDPR). The DPC also has functions and powers relating to other regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive (LED). The statutory powers, duties and functions of the DPC are as established under the Data Protection Act 2018, which gives further effect to the GDPR, and also gives effect to the LED.

Our Mission

Safeguarding data protection rights by driving compliance through guidance, supervision and enforcement.

Key Data Protection legislative frameworks applicable from 25 May 2018

The Data Protection Commission (DPC) is governed by a number of legislative frameworks which govern data protection in Ireland and the EU. Further information on legislation governing data protection can be found at this link.

Organisational Structure and Senior Management Biographies

The DPC website contains information on the Commission's senior management committee and organisational structure. This webpage also contains links to biographies of the senior management committee.

What we do

The Data Protection Act 2018, which became law on 25 May 2018 established a new Data Protection Commission (DPC). The new Commission is the national independent supervisory authority in Ireland with responsibility for upholding the fundamental right of the individual to have their personal data protected.  The DPC’s statutory powers, functions and duties derive from the Data Protection Act 2018, General Data Protection Regulation, Law Enforcement Directive, as well as from the Data Protection Acts 1988 to 2003 which, inter alia, gives effect to Council of Europe Convention 108.

Using its statutory powers, the Data Protection Commission:

  • examines complaints from individuals in relation to potential infringements of data protection law;
  • conducts inquiries and investigations regarding infringements of data protection legislation and takes enforcement action where necessary;
  • promote awareness amongst members of the public of their rights to have their personal information protected under data protection law;
  • drives improved awareness and compliance with data protection legislation by data controllers and processors through the publication of high-quality guidance,
  • engages proactively with public and private sector organisations;
  • consults with organisations to assist in identifying risks to personal data protection, and offers guidance of best practice methods to mitigate against those risks;
  • cooperates with other data protection authorities (including by sharing relevant information), and acts as Lead Supervisory Authority at EU level for organisations that have their main EU establishment in Ireland.

See more on our mission statement and our international work.

Strategy Statement

In its Strategy for 2022-2027, the Data Protection Commission sets out an ambitious vision for what we believe will be five crucial years in the evolution of data protection law, regulation and culture.

Statement of Strategy

Annual Reports

Our most recent Annual Report covering the period 01 January to 31 December 2022 is available online.

Previous Annual Reports of the Data Protection Commissioner

Previous Annual Reports of the Data Protection Commissioner as established under the Data Protection Acts 1988 and 2003 prior to the enactment of the GDPR and Data Protection Act 2018 are available online.

Pay/Grading structures

Staff of the Data Protection Commission are Civil Servants and paid according to Civil Service pay scales. See Department of Public Expenditure and Reform for further information on Civil Service pay.

Locations and Contact

Information on how to contact the DPC.

Customer Charters

Customer Service Charter

Services provided or to be provided to the public

See what we do for information on services the DPC provides to the public.

For information on the DPC consultations please click here.

Guidance for individuals on their rights under GDPR can be found here.

Responsibilities of Organisations can be found here.

How services can be accessed

Contact the DPC

Access for people who require special assistance

Contact our Data Protection Officer

Media and Outreach

Media queries

Speaking invitations

Financial Statements


25 May - 31 December 2018

1 January - 24 May 2018




FOI Disclosure Log

FOI Disclosure Log

How to make a Freedom of Information request

How to make a Freedom of Information Request


DPC Procurement Guidelines - July 2023

The Data Protection Commission is a client of the Office of Government Procurement (OGP), which sources the vast bulk of our goods and services. The OGP publishes its pre-tender, tender and award notices on

As of 12 July 2023, the DPC has no live tenders on the eTenders website.