The Data Protection Commissioner's role

In May 2019, the government reappointed Helen Dixon as Ireland’s Data Protection Commissioner. The Irish Data Protection Commissioner is the head of the supervisory authority known as the Data Protection Commission which is responsible for monitoring the application of the General Data Protection Regulation (GDPR) in Ireland. On 25 May 2018, Ireland’s data protection landscape changed. Changes to the office of the Data Protection Commissioner, GDPR and new domestic data protection laws all came into force.

Office of the Data Protection Commissioner

The mission of Ireland’s Data Protection Commission is to protect data privacy rights by driving compliance through guidance, supervision and enforcement of organisations that process data. Other EU member states also count on the supervisory role of the Data Protection Commissioner. Ireland is home to many of the world’s largest internet platforms which have chosen Dublin as their EU headquarters. The Data Protection Commission cooperates with and shares information with other data protection authorities in the EU as part of its duties as Lead Supervisory Authority at EU level.

Data Protection Commission

The Data Protection Act 2018 established the Data Protection Commission in May 2018. The Data Protection Commission’s statutory powers, functions and duties derive from the Data Protection Act 2018, General Data Protection Regulation, Law Enforcement Directive, and the Data Protection Acts 1988 to 2003. Under its statutory powers, the Data Protection Commission:

• Examines complaints from individuals in relation to potential infringements of data protection law.
• Conducts inquiries and investigations regarding infringements of data protection legislation and takes enforcement action where necessary.
• Promotes awareness amongst members of the public of their rights to have their personal information protected under data protection law.
• Drives improved awareness and compliance with data protection legislation by data controllers and processes legislation through the publication of high-quality guidance, proactive engagement with public and private sector organisations.
• Through consultations, assists in identifying risks to personal data protection and offers guidance of best practice methods to mitigate against those risks.

GDPR one year on

Your enforcement activity is set to ramp up. When GDPR came into force on 25th May 2018, many employers expected to wake up to find a Data Protection Commission inspector in their workplace on the morning of that day. The reality is that the Data Protection Commission, employers and data subjects have all taken the first year of the new data protection regime to familiarise themselves with their rights and obligations. While many organisations put a lot of time, money and effort into their GDPR compliance efforts last year, the challenge for the SME sector is to continue to embed data protection principles into operations and processes on an ongoing basis.

Need help with GDPR compliance?

If you have any questions in relation to your GDPR compliance, please contact Peninsula’s expert employment law advisors on 0818 923 923.