Who we are

Dr. Des Hogan

Des Hogan was appointed as Commissioner for Data Protection and Chairperson of the Irish Data Protection Commission in February 2024. Prior to that he was Assistant Chief State Solicitor in the Office of the Chief State Solicitor in the period 2015-2024. He served as Acting Chief Executive in the Irish Human Rights Commission in 2007 and from 2012 to 2014. He previously worked for the Australian Human Rights and Equal Opportunity Commission and for Amnesty International in Australia and its International Secretariat in London. A solicitor by profession, Dr Hogan was awarded a Masters in European Law from University College Dublin and a PhD in Philosophy of Law from Trinity College Dublin.

Dale Sunderland

Dale Sunderland was appointed Commissioner for Data Protection in February 2024. Prior to his appointment he held the position of Director and Deputy Commissioner with responsibility for the Data Protection Commission’s Supervision, Guidance and International Affairs functions. Dale joined the DPC as Deputy Commissioner in May 2016, having previously worked at Ireland’s Department of Justice from 2002 to 2016. During his time at the Department Justice, Dale was Head Communications and Corporate Secretariat, and held various other positions working on Irish-British immigration cooperation, EU criminal justice and policing policy, corporate governance oversight, and international, parliamentary and media affairs.

Cian O'Brien

Cian O'Brien was appointed Deputy Commissioner in May 2022, in a role that centres on all large-scale Data Protection Commission inquiries and investigations. Since joining the organisation in 2019, Cian’s roles in the DPC have included Legal Researcher and Senior Regulatory Lawyer. During this time, he was responsible for providing legal advice and assistance on large scale inquiries and investigations concerning both cross-border and domestic matters. Cian also acted as an advisor to the Inquiries Committee and oversaw and implemented the DPC’s process for confirming administrative fines in Court, as provided for in the Data Protection Act 2018. He graduated from University College Dublin and the Kings Inns Dublin. Cian was called to the Bar of Ireland in 2014. He practised law as a Barrister and tutored European Union law before joining the Data Protection Commission.

In his current role he has responsibility for the following at the DPC:

• Large Scale Inquiries
• Investigations

Ian Chambers

Ian Chambers was appointed Deputy Commissioner, Head of Frontline, Breach, Complaints and Information, in November 2022. He previously served as Assistant Commissioner with the DPC for the previous three years as head of the Information and Assessment unit. Since joining the civil service in 2013 he has worked in a number of areas, including local property tax administration with the Revenue Commissioners, as well as in the Department of Social Protection Internal Investigations Unit.

In his current role he has responsibility for the following at the DPC:

• Breach Notifications
• Direct Intervention
• Complaint Assessment
• Early Resolution
• Information
• Frontline Legal

Sandra Skehan

Sandra Skehan was appointed as Deputy Commissioner, Head of National Complaints in November 2022. Sandra has responsibility for overseeing the examination of complaints relating to access requests, breach complaints, matters relating to processing issues, RTBF and LED Complaints, amongst others. Sandra has been an employee of the Commission since 2015 previously serving in a number of position including as Assistant Commissioner. Sandra holds an MSc in Business and Management, a Business and Law Degree and also holds a Postgraduate Diploma in Education amongst other awards.

In her current role, she has responsibility for the following at the DPC:

• National Subject Access Request Complaint Unit
• National Complaint Handling Unit
• Breach Complaint Handling Unit
• Determination Assessment Unit
• Law Enforcement Complaint Handling Unit

Ultan O’Carroll

Ultan O’Carroll is Deputy Commissioner for Technology and Operational Performance. He previously served as Assistant Commissioner at the DPC for over seven years. In this time, he led on technology advisory and policy matters for DPC at national and EU level, while also working across the DPC’s regulatory units on audit, compliance and enforcement related to SME and multinational organisations. Ultan carries forward these technology advisory and certification leadership roles, and takes on responsibility for DPC's ICT operational performance at a time of transformative change and growth in an increasingly international context. Ultan has worked extensively in the private sector within technology industries in the UK and Ireland prior to joining the Commissioner's office.

In his current role he has responsibility for the following at the DPC:

• Technology & Security Advisory
• Supervision and Enforcement Support
• EU Technology Matters

Labhras Sammin

Labhras Sammin is Deputy Commissioner for Enterprise and Operations ICT since January 2024. He takes on responsibility for DPC's ICT strategy, ICT systems, data analytics and record management.  

Prior to joining the Commissioner's office, Labhras specialised in delivering business and technology change programmes, most recently as programme manager for the Department of Transport on a Digital Transformation Programme. Labhras has worked extensively in a number of sectors including Financial Services, Telecoms and Tech in the US, UK and Ireland. Starting out as a software developer, he has worked in a number of roles including trainer, lecturer, scrum master, project manager, business analyst and data analyst.

In his current role he has responsibility for the following at the DPC:

• Operational Systems
• Application Development and Support
• Service and Assurance Delivery
• Data Analytics and Governance
• Records Management

Deirdre O'Donovan

Deirdre O’Donovan was appointed Deputy Commissioner and Director of Legal Affairs with the Data Protection Commission in September 2025.

Prior to joining the DPC, Deirdre was a Partner in the Litigation and Investigations department of a leading Irish law firm. There, her practice focussed on complex commercial litigation, often with a cross-border element, and more recently, large-scale regulatory investigations and white-collar crime. She provided strategic advice and support to clients across a range of sectors including state bodies, telecoms and healthcare. Deirdre has extensive experience before the Superior Courts in Ireland, including the Supreme Court.

In her current role, Deirdre leads the Legal Affairs unit, which is responsible for advising the DPC in relation to the discharge of its statutory functions and exercise of its statutory powers, as well as advising and directing on litigation strategy in proceedings involving the DPC.

MB Donnelly

MB Donnelly was appointed Deputy Commissioner and Head of Strategy, Governance, Finance and Risk at the Irish Data Protection Commission in 2022. In addition to the Strategic function, MB also has responsibility for Government, NGO and DPO relations on behalf of the Data Protection Commission.

Since joining the DPC in 2016, MB has led on a number of key projects for the DPC, including the DPC’s GDPR Awareness and Training project ahead of the May 2018 application of the General Data Protection Regulation; developing the DPC’s Regulatory Strategy 2022-2027 and overseeing the DPC’s involvement in the EU-Funded ARC Project supporting compliance efforts in the small-to-medium enterprise sector.

MB has a keen interest in regulatory theory, and holds undergraduate and post-graduate degrees and certifications from Maynooth University, Trinity College Dublin, University College Dublin, and the London School of Economics.

In her current role, she has responsibility for the following at the DPC:

• Strategic Planning and Engagement
• Governance and Risk
• Transparency
• Finance

Gráinne Duffy

Gráinne Duffy is Deputy Commissioner for People and Learning and joined the DPC in February 2024.  She previously held various roles in the Department of Social Protection and subsequently in the Department of Health.  Gráinne oversaw a range of different policy functions in the Department of Health over some 20 years, including her role as Head of Strategic Human Resources for more than five years. 

Gráinne holds an MSc in Human Resource Strategies from DCU and a BA (Hons) in Law & the Administration of Justice from the Institute of Public Administration. 

In her role in the Data Protection Commission, Gráinne leads the strategic and operational human resources and learning & development functions which include:

• Strategic workforce planning
• Talent management and acquisition
• Learning and development
• Employee & industrial relations
• Initiatives in the area of employee engagement and equality
• diversity & inclusion

Graham Doyle

Graham Doyle is a Deputy Commissioner and Head of Corporate Affairs, Media and Communications with the Irish Data Protection Commission (DPC).

Graham leads the DPC’s Procurement and Corporate Services teams. Graham is also a member of the DPC’s Audit and Risk Committee. Graham also develops and manages the DPC’s Communications Strategy, which includes extensive national and international media engagement, attending and speaking at events domestically and abroad and delivering a comprehensive internal communications programme for the DPC. Graham also represents the DPC on the European Data Protection Board’s Communications Network.

Graham previously held the roles of Head of Communications and Research at the Garda Síochána Ombudsman Commission (GSOC) and Student Universal Support Ireland (SUSI) and he holds a graduate honour in Public Management, specialising in Law and the Administration of Justice.

In his current role he has responsibility for the following at the DPC:

• Media and Communications
• Corporate Services
• Facilities and Procurement

Niall J. Cavanagh

Niall Cavanagh was appointed Deputy Commissioner, Principal Regulatory Lawyer in the Data Protection Commission in Ireland in July 2022.

Niall qualified with an honours degree in Computer Science from Queen’s University Belfast in 1991. He worked in the private sector for the first 12 years of his career, within international telecommunications companies as a Systems Manager, Lead Developer, Business Analyst and Programme Manager. In 2001, he was enrolled as a Chartered Engineer with the Institute of Engineers of Ireland (now Engineering Ireland) and was a member of the Institute of Business Analysts and Consultants from 1998 to 2003.

He was called to the Bar of Ireland in 2005 and practised as a Barrister at Law until 2017. His general practice covered both civil and criminal cases, appearing at all levels, including the Supreme Court and Court of Appeal.

In December 2017, he joined the Office of the Data Protection Commissioner in Ireland as an Assistant Commissioner, in the role of Senior Legal Adviser. In 2018, he was appointed head of the Breach Notification, Assessment, Inquiries and Investigations Unit.

Niall represented the Data Protection Commission as a designated technical expert on the Schengen Evaluation of Sweden in 2022.

In his current role he applies his legal and technical experience in leading a Large Scale Inquiries and Investigation Unit for the delivery of:

• GDPR and Law Enforcement Directive National Inquiries
• Cross-Border Inquiries
• Assessment and Enforcement of Corrective Measures arising from inquiries

Gráinne Hawkes

Gráinne Hawkes is a Deputy Commissioner at the DPC and is head of EDPB/International and AI Act Implementation.

From 2023 – 2024, Gráinne was the Data Protection Commission’s first attaché in Brussels. In this role, Gráinne was responsible for the set up and building out of the DPC’s presence in Brussels. She led the DPC’s interactions with Brussels based stakeholders, such as the European Commission, the European Data Protection Board, Members of the European Parliament, Civil Society Organisations and Data Controllers with representatives based in Brussels.

Gráinne first joined the DPC in 2019 and has worked as Senior Regulatory Lawyer with responsibility for the management of cross border complaints and complaint based inquiries, as well as a Deputy Commissioner with responsibility for Large Scale Inquiries. While working at the DPC, Gráinne took up a secondment to the European Commission, working in the cabinet of the former European Commissioner for Justice, Didier Reynders.

She holds a first class honours LLB from Trinity College Dublin, an LLM from the College of Europe, Bruges and an Msc in Business and Law from the University of Law in London. Prior to joining the DPC, Gráinne trained and qualified as a solicitor with Linklaters in London and Singapore, where she worked as an associate solicitor in dispute resolution (specialising in contentious regulation).

Diarmuid Goulding

Diarmuid Goulding was appointed Deputy Commissioner in January 2023, in a role that centres on large-scale inquiries and investigations. Since joining the Data Protection Commission as a Legal Adviser in 2018, Diarmuid has provided legal advice and assistance on large scale inquiries and investigations concerning both cross-border and domestic matters. Diarmuid has also represented the Commission at Expert Subgroups of the European Data Protection Board.

He graduated from University College Cork and Kings Inns, Dublin. Diarmuid was called to the Bar of Ireland in 2008. He practised as a Barrister and later worked in a legal capacity with the Department of Public Expenditure, NDP Delivery and Reform, and as a Regulatory Investigator with the Office of the Information Commissioner.

In his current role, he has responsibility for the following at the DPC:

• Large-Scale Inquiries
• Investigations

Andrew Carroll

Andrew Carroll was appointed Deputy Commissioner at the DPC in November 2024. His role involves managing many of the DPC’s national and cross-border inquiries and overseeing the enforcement of concluded inquiries.

Prior to his appointment, Andrew served as Assistant Commissioner and head of law enforcement supervision and was also the DPC’s Data Protection Officer. Andrew has represented the DPC on various subgroups of the European Data Protection Board and contributed to inspections and audits at a national and EU level. Andrew completed the DPC’s first audit of the Schengen Information System in Ireland.

Before joining the DPC in 2019, Andrew worked in Brussels for five years as a research assistant and press officer at the Japanese Mission to the European Union and previously as a project manager at the EU-Japan Centre for Industrial Cooperation. A lifelong learner, Andrew holds graduate and post-graduate degrees from University College Dublin, the University of St Andrews, and Leiden University, amongst other awards.

David Murphy

David Murphy was appointed Deputy Commissioner, with responsibility for Supervision of the Public, Health, and Voluntary Sectors in 2022. Having joined the Commission in 2016, he has worked in the area of consultative engagement, providing best practice guidance and advice to organisations across the public and private sectors on compliance with the data protection legislative frameworks. David frequently represents the DPC as a speaker at events in Ireland and abroad, and has delivered guest lectures on data protection to various bodies including the Institute of Public Administration and UCD School of Medicine.

Prior to joining the DPC, David gained experience in data governance and record management in the Local Authority sector, with Dublin City Council’s Law Department.

In his current role he has responsibility for the following at the DPC:

• Supervision of Data Protection Compliance across the public sector
• health sector
• and voluntary sector
• Legislative consultations pursuant to GDPR and the Data Protection Act 2018
• Children’s Data Protection Policy and Compliance

Cathal Ryan

Cathal Ryan was appointed Deputy Commissioner, with responsibility for Consultation and Supervision in January 2023. He is a qualified lawyer specialising in regulatory and data protection law.

Cathal has worked in a number of regulatory senior management and legal roles with the Competition and Consumer Protection Commission, the Chief States Solicitor’s Office, the Legal Aid Board and the DPC (as an Assistant Commissioner between 2015 and 2020). He is a key contributor at a national and an EU level on behalf of the DPC and was the lead rapporteur for EU Codes of Conduct guidelines.

In his current role, he has responsibility for the following areas:

• Technology Multinational
• International Transfers
• Private
• Financial
• Insurance
• Communications
• Transport and Utilities
• BCRs
• Certification
• Codes of Conduct

Paul McDonagh-Forde

Paul McDonagh-Forde is the Irish Data Protection Commission’s Brussels-based Attaché. He leads the DPC’s interactions in Brussels with a wide variety of organisations, including the European Commission, the European Data Protection Board and the European Parliament, as well as civil society organisations and regulated entities that have a presence in Brussels.

Having first joined the DPC as a member of the legal unit in 2019, Paul has advised primarily on large scale cross-border regulation, with a focus both on Irish and EU law, in his capacity as an Irish-qualified barrister. He also has extensive experience of engagement with a variety of expert sub-groups within the European Data Protection Board, including procedures that have given rise to opinions, guidelines and binding decisions.

Paul holds an LL.B from Trinity College Dublin, an LL.M from the University of Edinburgh and a Barrister-at-law degree from the King’s Inns in Dublin. Prior to joining the DPC, Paul worked as a judicial assistant/clerk at the Supreme Court of Ireland.