Who we are
The Data Protection Commission (DPC) is the national independent authority in Ireland responsible for upholding the fundamental right of individuals in the European Union (EU) to have their personal data protected. Accordingly, the DPC is the Irish supervisory authority responsible for monitoring the application of the General Data Protection Regulation (GDPR), and we also have functions and powers related to other regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive (LED). The statutory powers, duties and functions of the DPC are as established under the Data Protection Act 2018, which gives further effect to the GDPR and also gives effect to the LED.
Our Mission
Safeguarding data protection rights by driving compliance through guidance, supervision and enforcement.
Organisation Chart
Commissioner for Data Protection
Large Scale Inquiries and Investigations
Frontline Breach, Complaint and Information
National Complaints including Access Requests, LED, Breach & Processing
CB Complaints -: Assessment, Handling & Inquiries; ePrivacy Investigations; Enforcement; Prosecutions
Supervision, Guidance & International Affairs
Technology & Operational Performance
Enterprise and Operations ITC
Legal Affairs
Strategy, Governance, Finance & Risk
People & Learning
Corporate Affairs, Media & Communications
Ceann um Daoine & Foghlaim
Our team
Dr. Des Hogan
Des Hogan was appointed as Commissioner for Data Protection and Chairperson of the Irish Data Protection Commission in February 2024. Prior to that he was Assistant Chief State Solicitor in the Office of the Chief State Solicitor in the period 2015-2024. He served as Acting Chief Executive in the Irish Human Rights Commission in 2007 and from 2012 to 2014. He previously worked for the Australian Human Rights and Equal Opportunity Commission and for Amnesty International in Australia and its International Secretariat in London. A solicitor by profession, Dr Hogan was awarded a Masters in European Law from University College Dublin and a PhD in Philosophy of Law from Trinity College Dublin.
Dale Sunderland
Dale Sunderland was appointed Commissioner for Data Protection in February 2024. Prior to his appointment he held the position of Director and Deputy Commissioner with responsibility for the Data Protection Commission’s Supervision, Guidance and International Affairs functions. Dale joined the DPC as Deputy Commissioner in May 2016, having previously worked at Ireland’s Department of Justice from 2002 to 2016. During his time at the Department Justice, Dale was Head Communications and Corporate Secretariat, and held various other positions working on Irish-British immigration cooperation, EU criminal justice and policing policy, corporate governance oversight, and international, parliamentary and media affairs.
Cian O'Brien
Cian O'Brien was appointed Deputy Commissioner in May 2022, in a role that centres on all large-scale Data Protection Commission inquiries and investigations. Since joining the organisation in 2019, Cian’s roles in the DPC have included Legal Researcher and Senior Regulatory Lawyer. During this time, he was responsible for providing legal advice and assistance on large scale inquiries and investigations concerning both cross-border and domestic matters. Cian also acted as an advisor to the Inquiries Committee and oversaw and implemented the DPC’s process for confirming administrative fines in Court, as provided for in the Data Protection Act 2018. He graduated from University College Dublin and the Kings Inns Dublin. Cian was called to the Bar of Ireland in 2014. He practised law as a Barrister and tutored European Union law before joining the Data Protection Commission.
In his current role he has responsibility for the following at the DPC:
- Large Scale Inquiries
- Investigations
Ian Chambers
Ian Chambers was appointed Deputy Commissioner, Head of Frontline, Breach, Complaints and Information, in November 2022. He previously served as Assistant Commissioner with the DPC for the previous three years as head of the Information and Assessment unit. Since joining the civil service in 2013 he has worked in a number of areas, including local property tax administration with the Revenue Commissioners, as well as in the Department of Social Protection Internal Investigations Unit.
In his current role he has responsibility for the following at the DPC:
- Breach Notifications
- Direct Intervention
- Complaint Assessment
- Early Resolution
- Information
- Frontline Legal
Sandra Skehan
Sandra Skehan was appointed as Deputy Commissioner, Head of National Complaints in November 2022. Sandra has responsibility for overseeing the examination of complaints relating to access requests, breach complaints, matters relating to processing issues, RTBF and LED Complaints, amongst others. Sandra has been an employee of the Commission since 2015 previously serving in a number of position including as Assistant Commissioner. Sandra holds an MSc in Business and Management, a Business and Law Degree and also holds a Postgraduate Diploma in Education amongst other awards.
In her current role, she has responsibility for the following at the DPC:
- National Subject Access Request Complaint Unit
- National Complaint Handling Unit
- Breach Complaint Handling Unit
- Determination Assessment Unit
- Law Enforcement Complaint Handling Unit
Ultan O’Carroll
Ultan O’Carroll is Deputy Commissioner for Technology and Operational Performance. He previously served as Assistant Commissioner at the DPC for over seven years. In this time, he led on technology advisory and policy matters for DPC at national and EU level, while also working across the DPC’s regulatory units on audit, compliance and enforcement related to SME and multinational organisations. Ultan carries forward these technology advisory and certification leadership roles, and takes on responsibility for DPC's ICT operational performance at a time of transformative change and growth in an increasingly international context. Ultan has worked extensively in the private sector within technology industries in the UK and Ireland prior to joining the Commissioner's office.
In his current role he has responsibility for the following at the DPC:
- Technology & Security Advisory
- Supervision and Enforcement Support
- EU Technology Matters
Labhras Sammin
Labhras Sammin is Deputy Commissioner for Enterprise and Operations ICT since January 2024. He takes on responsibility for DPC's ICT strategy, ICT systems, data analytics and record management.
Prior to joining the Commissioner's office, Labhras specialised in delivering business and technology change programmes, most recently as programme manager for the Department of Transport on a Digital Transformation Programme. Labhras has worked extensively in a number of sectors including Financial Services, Telecoms and Tech in the US, UK and Ireland. Starting out as a software developer, he has worked in a number of roles including trainer, lecturer, scrum master, project manager, business analyst and data analyst.
In his current role he has responsibility for the following at the DPC:
- Operational Systems
- Application Development and Support
- Service and Assurance Delivery
- Data Analytics and Governance
- Records Management
Fleur O’Shea
Fleur O’Shea is a Deputy Commissioner and Head of Legal Affairs with the Data Protection Commission. In that role, Fleur manages the DPC’s Legal Unit, which is responsible for the provision of legal advice to the DPC to support the execution of the DPC’s functions. The Legal Unit provides advice directly to the DPC’s functional units across a broad range of disciplines, including statutory interpretation pursuant to Irish and EU law and the requirements of a fair procedure pursuant to Irish and EU law. It also provides advice and support to the DPC on internal governance matters, including compliance with the DPC’s obligations as a statutory body.
Having qualified as a solicitor in 2010, Fleur worked in private practice, as part of a large Irish law firm, until she joined the DPC in January 2019. While in private practice, Fleur specialised in the area of employment and equality law and, through that medium, developed particular expertise and experience in data protection law. During that time, Fleur advised a wide range of public and private sector entities in relation to all aspects of data protection law in the context of the workplace. Since joining the DPC, Fleur has provided extensive legal advice in relation to all aspects of the cooperation and consistency mechanisms set out in Chapter VII of the GDPR as well as the fining regime established by Article 83 GDPR.
MB Donnelly
MB Donnelly was appointed Deputy Commissioner and Head of Strategy, Governance, Finance and Risk at the Irish Data Protection Commission in 2022. In addition to the Strategic function, MB also has responsibility for Government, NGO and DPO relations on behalf of the Data Protection Commission.
Since joining the DPC in 2016, MB has led on a number of key projects for the DPC, including the DPC’s GDPR Awareness and Training project ahead of the May 2018 application of the General Data Protection Regulation; developing the DPC’s Regulatory Strategy 2022-2027 and overseeing the DPC’s involvement in the EU-Funded ARC Project supporting compliance efforts in the small-to-medium enterprise sector.
MB has a keen interest in regulatory theory, and holds undergraduate and post-graduate degrees and certifications from Maynooth University, Trinity College Dublin, University College Dublin, and the London School of Economics.
In her current role, she has responsibility for the following at the DPC:
- Strategic Planning and Engagement
- Governance and Risk
- Transparency
- Finance
Gráinne Duffy
Gráinne Duffy is Deputy Commissioner for People and Learning and joined the DPC in February 2024. She previously held various roles in the Department of Social Protection and subsequently in the Department of Health. Gráinne oversaw a range of different policy functions in the Department of Health over some 20 years, including her role as Head of Strategic Human Resources for more than five years.
Gráinne holds an MSc in Human Resource Strategies from DCU and a BA (Hons) in Law & the Administration of Justice from the Institute of Public Administration.
In her role in the Data Protection Commission, Gráinne leads the strategic and operational human resources and learning & development functions which include:
- Strategic workforce planning
- Talent management and acquisition
- Learning and development
- Employee & industrial relations
- Initiatives in the area of employee engagement and equality
- diversity & inclusion
Graham Doyle
Graham Doyle is a Deputy Commissioner and Head of Corporate Affairs, Media and Communications with the Irish Data Protection Commission (DPC).
Graham leads the DPC’s Procurement and Corporate Services teams. Graham is also a member of the DPC’s Audit and Risk Committee. Graham also develops and manages the DPC’s Communications Strategy, which includes extensive national and international media engagement, attending and speaking at events domestically and abroad and delivering a comprehensive internal communications programme for the DPC. Graham also represents the DPC on the European Data Protection Board’s Communications Network.
Graham previously held the roles of Head of Communications and Research at the Garda Síochána Ombudsman Commission (GSOC) and Student Universal Support Ireland (SUSI) and he holds a graduate honour in Public Management, specialising in Law and the Administration of Justice.
In his current role he has responsibility for the following at the DPC:
- Media and Communications
- Corporate Services
- Facilities and Procurement
Niall J. Cavanagh
Niall Cavanagh was appointed Deputy Commissioner, Principal Regulatory Lawyer in the Data Protection Commission in Ireland in July 2022.
Niall qualified with an honours degree in Computer Science from Queen’s University Belfast in 1991. He worked in the private sector for the first 12 years of his career, within international telecommunications companies as a Systems Manager, Lead Developer, Business Analyst and Programme Manager. In 2001, he was enrolled as a Chartered Engineer with the Institute of Engineers of Ireland (now Engineering Ireland) and was a member of the Institute of Business Analysts and Consultants from 1998 to 2003.
He was called to the Bar of Ireland in 2005 and practised as a Barrister at Law until 2017. His general practice covered both civil and criminal cases, appearing at all levels, including the Supreme Court and Court of Appeal.
In December 2017, he joined the Office of the Data Protection Commissioner in Ireland as an Assistant Commissioner, in the role of Senior Legal Adviser. In 2018, he was appointed head of the Breach Notification, Assessment, Inquiries and Investigations Unit.
Niall represented the Data Protection Commission as a designated technical expert on the Schengen Evaluation of Sweden in 2022.
In his current role he applies his legal and technical experience in leading a Large Scale Inquiries and Investigation Unit for the delivery of:
- GDPR and Law Enforcement Directive National Inquiries
- Cross-Border Inquiries
- Assessment and Enforcement of Corrective Measures arising from inquiries
Diarmuid Goulding
Diarmuid Goulding was appointed Deputy Commissioner in January 2023, in a role that centres on large-scale inquiries and investigations. Since joining the Data Protection Commission as a Legal Adviser in 2018, Diarmuid has provided legal advice and assistance on large scale inquiries and investigations concerning both cross-border and domestic matters. Diarmuid has also represented the Commission at Expert Subgroups of the European Data Protection Board.
He graduated from University College Cork and Kings Inns, Dublin. Diarmuid was called to the Bar of Ireland in 2008. He practised as a Barrister and later worked in a legal capacity with the Department of Public Expenditure, NDP Delivery and Reform, and as a Regulatory Investigator with the Office of the Information Commissioner.
In his current role, he has responsibility for the following at the DPC:
- Large-Scale Inquiries
- Investigations
Gráinne Hawkes
Gráinne Hawkes is a Deputy Commissioner at the DPC. Her work centres on managing complex, cross border inquiries and investigations.
From 2023 – 2024, Gráinne was the Data Protection Commission’s first attaché in Brussels. In this role, Gráinne was responsible for the set up and building out of the DPC’s presence in Brussels. She led the DPC’s interactions with Brussels based stakeholders, such as the European Commission, the European Data Protection Board, Members of the European Parliament, Civil Society Organisations and Data Controllers with representatives based in Brussels.
Gráinne first joined the DPC in 2019 and worked as Senior Regulatory Lawyer with responsibility for the management of cross border complaints and complaint based inquiries. As part of this role, Gráinne took up a secondment to the European Commission, working in the cabinet of the European Commissioner for Justice, Didier Reynders.
She holds a first class honours LLB from Trinity College Dublin, an LLM from the College of Europe, Bruges and an Msc in Business and Law from the University of Law in London. Prior to joining the DPC, Gráinne trained and qualified as a solicitor with Linklaters in London and Singapore, where she worked as an associate solicitor in dispute resolution (specialising in contentious regulation).
David Murphy
David Murphy was appointed Deputy Commissioner, with responsibility for Supervision of the Public, Health, and Voluntary Sectors in 2022. Having joined the Commission in 2016, he has worked in the area of consultative engagement, providing best practice guidance and advice to organisations across the public and private sectors on compliance with the data protection legislative frameworks. David frequently represents the DPC as a speaker at events in Ireland and abroad, and has delivered guest lectures on data protection to various bodies including the Institute of Public Administration and UCD School of Medicine.
Prior to joining the DPC, David gained experience in data governance and record management in the Local Authority sector, with Dublin City Council’s Law Department.
In his current role he has responsibility for the following at the DPC:
- Supervision of Data Protection Compliance across the public sector
- health sector
- and voluntary sector
- Legislative consultations pursuant to GDPR and the Data Protection Act 2018
- Children’s Data Protection Policy and Compliance
Cathal Ryan
Cathal Ryan was appointed Deputy Commissioner, with responsibility for Consultation and Supervision in January 2023. He is a qualified lawyer specialising in regulatory and data protection law.
Cathal has worked in a number of regulatory senior management and legal roles with the Competition and Consumer Protection Commission, the Chief States Solicitor’s Office, the Legal Aid Board and the DPC (as an Assistant Commissioner between 2015 and 2020). He is a key contributor at a national and an EU level on behalf of the DPC and was the lead rapporteur for EU Codes of Conduct guidelines.
In his current role, he has responsibility for the following areas:
- Technology Multinational
- International Transfers
- Private
- Financial
- Insurance
- Communications
- Transport and Utilities
- BCRs
- Certification
- Codes of Conduct