What we do

The Data Protection Act 2018, which became law on 25 May 2018 established a new Data Protection Commission (DPC). The new Commission is the national independent supervisory authority in Ireland with responsibility for upholding the fundamental right of the individual to have their personal data protected.  The DPC’s statutory powers, functions and duties derive from the Data Protection Act 2018, General Data Protection Regulation, Law Enforcement Directive, as well as from the Data Protection Acts 1988 to 2003 which, inter alia, gives effect to Council of Europe Convention 108.

Using its statutory powers, the Data Protection Commission:

  • examines complaints from individuals in relation to potential infringements of data protection law;
  • conducts inquiries and investigations regarding infringements of data protection legislation and takes enforcement action where necessary;
  • promote awareness amongst members of the public of their rights to have their personal information protected under data protection law;
  • drives improved awareness and compliance with data protection legislation by data controllers and processors legislation through the publication of high-quality guidance, proactive engagement with public and private sector organisations;
  • through consultations with organisations, assists in identifying risks to personal data protection and offers guidance of best practice methods to mitigate against those risks;
  • cooperates with (which includes sharing information with) other data protection authorities, and acts as Lead Supervisory Authority at EU level for organisations that have their main EU establishment in Ireland.