Mission Statement

The Data Protection Commission

Upholding the consistent application of data protection law through engagement, supervision and enforcement, and driving compliance with data protection legislation.

Statement of Strategy 2022-2027

Our mission

Upholding the consistent application of data protection law through engagement, supervision and enforcement, and driving compliance with data protection legislation.

The Data Protection Commission safeguards the data protection rights of individuals and provides clarity for the organisations it regulates by:

  • educating stakeholders on their rights and responsibilities;
  • taking a fair and balanced approach to complaint handling;
  • communicating extensively and transparently with stakeholders;
  • participating actively at European Data Protection Board level to achieve consistency;
  • cultivating technological foresight, in anticipation of future regulatory developments;
  • sanctioning proportionately and judiciously; and
  • retaining and amalgamating the expert capacities of its staff to ensure operational effectiveness.

Our vision

The Data Protection Commission is committed to being an independent, internationally influential and publicly dependable regulator of EU data protection law; regulating with clear purpose, trusted by the public, respected by our peers and effective in our regulation. The DPC will play a leadership role in bringing legal clarity to the early years of the General Data Protection Regulation. The DPC will apply a risk-based regulatory approach to its work, so that its resources are always prioritised on the basis of delivering the greatest benefit to the maximum number of people. The DPC will also be a rewarding and challenging place to work, with a focus on retaining, attracting and allocating the most appropriate people to deliver on its mandate, recognising the value and capacities of its staff as its most critical asset.

Our values

The Data Protection Commission is an autonomous regulator, with responsibility for regulating both private and public sector organisations, as well as safeguarding the data protection rights of individuals. In the conduct of these duties, the DPC is committed to act always in a way that is:

  • Fair
  • Transparent
  • Engaged
  • Expert
  • Accountable
  • Independant
  • Consistent
  • Forward looking
  • Results-driven

Mandate

The Data Protection Commission is afforded a broad-ranging mandate for the purpose of monitoring and enforcing the General Data Protection Regulation, which provides individuals with enhanced rights to data protection and increased obligations for organisations who process personal data. The GDPR also greatly strengthens the powers of Data Protection Authorities, and the DPC’s given powers and assigned tasks allow it to handle complaints from individuals, in addition to conducting its own investigations into more systemic areas of risk. The DPC regulates in accordance with the General Data Protection Regulation, the Data Protection Act 2018, the E-Privacy Directive and the Law Enforcement Directive.