Who we are

The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding the fundamental right of individuals in the European Union (EU) to have their personal data protected. Accordingly, the DPC is the Irish supervisory authority responsible for monitoring the application of the General Data Protection Regulation (GDPR), and we also have functions and powers related to other regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive (LED). The statutory powers, duties and functions of the DPC are as established under the Data Protection Act 2018, which gives further effect to the GDPR and also gives effect to the LED.

Our Mission

Safeguarding data protection rights by driving compliance through guidance, supervision and enforcement.

 

Organisation Chart

Commissioner for Data Protection

Frontline Breach, Complaint and Information

National Complaints including Access Requests, LED, Breach & Processing

CB Complaints -: Assessment, Handling & Inquiries; ePrivacy Investigations; Enforcement; Prosecutions

Large Scale Inquiries and Investigations

Supervision, Guidance & International Affairs

Technology & Operational Performance

Legal Affairs

Strategy, Governance, Finance & Risk

Corporate Affairs, People & Learning, Media & Communica-tions

Our team

Ian Chambers

Ian Chambers

Ian Chambers was appointed Deputy Commissioner, Head of Frontline, Breach, Complaints and Information, in November 2022. He previously served as Assistant Commissioner with the DPC for the previous three years as head of the Information and Assessment unit. Since joining the civil service in 2013 he has worked in a number of areas, including local property tax administration with the Revenue Commissioners, as well as in the Department of Social Protection Internal Investigations Unit.

In his current role he has responsibility for the following at the DPC:

  • Breach Notifications
  • Direct Intervention
  • Complaint Assessment
  • Early Resolution
  • Information
  • Frontline Legal

Sandra Skehan

Sandra Skehan

Sandra Skehan was appointed as Deputy Commissioner, Head of National Complaints in November 2022. Sandra has responsibility for overseeing the examination of complaints relating to access requests, breach complaints, matters relating to processing issues, RTBF and LED Complaints, amongst others. Sandra has been an employee of the Commission since 2015 previously serving in a number of position including as Assistant Commissioner. Sandra holds an MSc in Business and Management, a Business and Law Degree and also holds a Postgraduate Diploma in Education amongst other awards.

In her current role, she has responsibility for the following at the DPC:

  • National Subject Access Request Complaint Unit
  • National Complaint Handling Unit
  • Breach Complaint Handling Unit
  • Determination Assessment Unit
  • Law Enforcement Complaint Handling Unit

Tony Delaney

Tony Delaney

Tony Delaney was appointed Deputy Commissioner, Head of Cross-Border Complaints: Assessment, Handling and Inquiries; ePrivacy Investigations; Enforcement; and Prosecutions, in July 2019. He previously served as Assistant Commissioner at the DPC for over thirteen years during which time he led many of the Office’s high profile investigations including investigations into the text marketing sector, the hospitals sector and the private investigator sector. In 2015 he set up and headed the office’s Special Investigations Unit. He also led the Office’s prosecution function in his role as Assistant Commissioner, testifying on a regular basis in District Courts across the State and achieving numerous high-profile successful outcomes in the prosecution of a range of entities from sectors spanning insurance, telecommunications, marketing and private investigators, among others.

In his current role he has responsibility for the following at the DPC:

  • Enforcement
  • Prosecutions
  • E-Privacy Investigations
  • Cross-Border Complaint Handling Units 1 & 2
  • Cross-Border Complaints Assessment
  • Cross-Border Complaints Inquiry Units 1 & 2

Cian O'Brien

Cian O'Brien

Cian O'Brien was appointed Deputy Commissioner in May 2022, in a role that centres on all large-scale Data Protection Commission inquiries and investigations. Since joining the organisation in 2019, Cian’s roles in the DPC have included Legal Researcher and Senior Regulatory Lawyer. During this time, he was responsible for providing legal advice and assistance on large scale inquiries and investigations concerning both cross-border and domestic matters. Cian also acted as an advisor to the Inquiries Committee and oversaw and implemented the DPC’s process for confirming administrative fines in Court, as provided for in the Data Protection Act 2018. He graduated from University College Dublin and the Kings Inns Dublin. Cian was called to the Bar of Ireland in 2014. He practised law as a Barrister and tutored European Union law before joining the Data Protection Commission.

In his current role he has responsibility for the following at the DPC:

  • Large Scale Inquiries
  • Investigations

Dale Sunderland

Dale Sunderland

Dale Sunderland is Deputy Commissioner with responsibility for Supervision, Guidance and International Affairs. Dale joined the DPC as Deputy Commissioner in May 2016. Previously Head of Communications and Corporate Secretariat at the Department of Justice, he also held various positions at that department working on Irish-British immigration cooperation, EU criminal justice and policing policy, corporate governance oversight, and international, parliamentary and media affairs.

In his current role he has responsibility for the following at the DPC:

  • Consultation and Supervision
  • DPO compliance
  • Children’s Data Protection Policy
  • International Affairs
  • Guidance

Ultan O’Carroll

Ultan O’Carroll

Ultan O’Carroll is Deputy Commissioner for Technology and Operational Performance. He previously served as Assistant Commissioner at the DPC for over seven years. In this time, he led on technology advisory and policy matters for DPC at national and EU level, while also working across the DPC’s regulatory units on audit, compliance and enforcement related to SME and multinational organisations. Ultan also leads on GDPR accreditation and certification at DPC. Ultan carries forward these technology advisory and certification leadership roles, and takes on responsibility for DPC's ICT strategy, assurance, and operational performance at a time of transformative change and growth in an increasingly international context. Ultan has worked extensively in the private sector within technology industries in the UK and Ireland prior to joining the Commissioner's office.

In his current role he has responsibility for the following at the DPC:

  • Operational Performance
  • Technology Advisory
  • Service and Assurance Delivery
  • Applications Management

Fleur O’Shea

Fleur O’Shea is a Deputy Commissioner and Head of Legal Affairs with the Data Protection Commission. In that role, Fleur manages the DPC’s Legal Unit, which is responsible for the provision of legal advice to the DPC to support the execution of the DPC’s functions.  The Legal Unit provides advice directly to the DPC’s functional units across a broad range of disciplines, including statutory interpretation pursuant to Irish and EU law and the requirements of a fair procedure pursuant to Irish and EU law.  It also provides advice and support to the DPC on internal governance matters, including compliance with the DPC’s obligations as a statutory body.

Having qualified as a solicitor in 2010, Fleur worked in private practice, as part of a large Irish law firm, until she joined the DPC in January 2019.  While in private practice, Fleur specialised in the area of employment and equality law and, through that medium, developed particular expertise and experience in data protection law.  During that time, Fleur advised a wide range of public and private sector entities in relation to all aspects of data protection law in the context of the workplace.  Since joining the DPC, Fleur has provided extensive legal advice in relation to all aspects of the cooperation and consistency mechanisms set out in Chapter VII of the GDPR as well as the fining regime established by Article 83 GDPR.


MB Donnelly

MB Donnelly

MB Donnelly was appointed Deputy Commissioner and Head of Strategy, Governance, Finance and Risk at the Irish Data Protection Commission in 2022. In addition to the Strategic function, MB also has responsibility for Government, NGO and DPO relations on behalf of the Data Protection Commission.

Since joining the DPC in 2016, MB has led on a number of key projects for the DPC, including the DPC’s GDPR Awareness and Training project ahead of the May 2018 application of the General Data Protection Regulation; developing the DPC’s Regulatory Strategy 2022-2027 and overseeing the DPC’s involvement in the EU-Funded ARC Project supporting compliance efforts in the small-to-medium enterprise sector.

MB has a keen interest in regulatory theory, and holds undergraduate and post-graduate degrees and certifications from Maynooth University, Trinity College Dublin, University College Dublin, and the London School of Economics.

In her current role, she has responsibility for the following at the DPC:

  • Strategic Planning and Engagement
  • Governance and Risk
  • Transparency
  • Finance

Graham Doyle

Graham Doyle

Graham Doyle is a Deputy Commissioner and Head of Corporate Affairs, People & Learning, Media and Communications with the Irish Data Protection Commission (DPC).

Within the Corporate Affairs and People & Learning functions, Graham leads the DPC’s Procurement, Corporate Services, Human Resources and Learning & Development teams. Graham is also a member of the DPC’s Audit and Risk Committee.

Graham also develops and manages the DPC’s Communications Strategy, which includes extensive national and international media engagement, attending and speaking at events domestically and abroad and delivering a comprehensive internal communications programme for the DPC. Graham also represents the DPC on the European Data Protection Board’s Communications Network.

Graham previously held the roles of Head of Communications and Research at the Garda Síochána Ombudsman Commission (GSOC) and Student Universal Support Ireland (SUSI) and he holds a graduate honour in Public Management, specialising in Law and the Administration of Justice.

In his current role he has responsibility for the following at the DPC:

  • Media and Communications
  • Human Resources / People and Learning
  • Corporate Services
  • Facilities and Procurement