Irish DPC Issues Guidance Note on the GDPR


The Irish Data Protection Commissioner ("DPC") published a guidance note on the General Data Protection Regulation ("GDPR") in preparation for the most significant overhaul on data protection within the EU in over 20 years. The GDPR will apply from 25 May 2018 and aims to harmonise existing EU-wide data protection laws and will replace the existing framework introduced by the EU Data Protection Directive 95/46 EC.

The DPC's guidance is promised to be the first in a series that will run up until the GDPR applies and focuses primarily on how organisations should prepare to ensure their data processing activities are fully compliant with the GDPR ahead of the implementation date.

The recommendations include the following:

  • Data mapping: mapping out where an organisation makes its most significant decisions about data processing;
  • Designated responsibility: ensuring someone in an organisation or an external data protection advisor takes responsibility for data protection compliance and has the knowledge, support and authority to do so effectively; and
  • Data Protection Officers: considering whether the organisation will be required to designate a Data Protection Officer and, if so, whether the current approach will meet the GDPR's requirements.

The DPC emphasises that the adoption of "privacy by design" and "data minimisation" principles are already good practice and both principles are now enshrined in the GDPR. Accordingly, service settings must be automatically privacy friendly and new services and products being developed will need to take account of privacy considerations from the outset.

The note also reminds organisations that the GDPR will impose very significant fines for non-compliance of up to 4% of an organisation's annual turnover.

The DPC is a much stronger resource following a very substantial increase in its annual budget over the last few years, a significant expansion of the team and new offices ahead of the implementation of the GDPR ensuring that it will be able to enforce the new data protection regime from May 2018.


Article provided by Leo Moore (William Fry), attorney in Ireland.


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Höllwarth,


What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.