Skip to main content

Irish DPC Issues Guidance Note on the GDPR

Leo Moore (IE), Partner of EuroCloud CPC Network

The Irish Data Protection Commissioner ("DPC") published a guidance note on the General Data Protection Regulation ("GDPR") in preparation for the most significant overhaul on data protection within the EU in over 20 years. The GDPR will apply from 25 May 2018 and aims to harmonise existing EU-wide data protection laws and will replace the existing framework introduced by the EU Data Protection Directive 95/46 EC.

The DPC's guidance is promised to be the first in a series that will run up until the GDPR applies and focuses primarily on how organisations should prepare to ensure their data processing activities are fully compliant with the GDPR ahead of the implementation date.

The recommendations include the following:


  • Data mapping: mapping out where an organisation makes its most significant decisions about data processing;
  • Designated responsibility: ensuring someone in an organisation or an external data protection advisor takes responsibility for data protection compliance and has the knowledge, support and authority to do so effectively; and
  • Data Protection Officers: considering whether the organisation will be required to designate a Data Protection Officer and, if so, whether the current approach will meet the GDPR's requirements.

The DPC emphasises that the adoption of "privacy by design" and "data minimisation" principles are already good practice and both principles are now enshrined in the GDPR. Accordingly, service settings must be automatically privacy friendly and new services and products being developed will need to take account of privacy considerations from the outset.

The note also reminds organisations that the GDPR will impose very significant fines for non-compliance of up to 4% of an organisation's annual turnover.

The DPC is a much stronger resource following a very substantial increase in its annual budget over the last few years, a significant expansion of the team and new offices ahead of the implementation of the GDPR ensuring that it will be able to enforce the new data protection regime from May 2018.


Article provided by Leo Moore (William Fry), attorney in Ireland.

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.