🇮🇪General Data Protection Regulation in Ireland
A comprehensive guide to General Data Protection Regulation compliance for organisations operating in Ireland. Understand local enforcement, the national data protection authority, key focus areas, and notable enforcement actions.
About General Data Protection Regulation
The EU's landmark data protection law that governs how organisations collect, store, process, and transfer personal data of individuals in the European Economic Area.
General Data Protection Regulation Enforcement in Ireland
Ireland's DPC holds outsized importance in EU data protection as the lead supervisory authority for most major US technology companies with European headquarters in Ireland, including Meta, Google, Apple, Microsoft, TikTok, and Twitter/X. The DPC has been both criticised for the pace of its investigations and praised for the scale and impact of its eventual decisions, which have included some of Europe's largest GDPR fines. The Irish Data Protection Act 2018 supplements the GDPR with provisions on children's data (age of consent set at 16), law enforcement processing, and exemptions for journalism and research. The DPC's cross-border decisions frequently trigger the GDPR's consistency mechanism, involving other EU DPAs and sometimes the European Data Protection Board (EDPB) through binding dispute resolution.
Data Protection Authority
Data Protection Commission (DPC)
Key Enforcement Focus Areas in Ireland
- Big Tech enforcement (Meta, Google, Apple, Microsoft, TikTok)
- Cross-border enforcement and EDPB cooperation
- Children's data protection
- International data transfers to the US
- Behavioural advertising and consent mechanisms
Notable Enforcement Actions in Ireland
Meta Platforms Ireland (Facebook)
Transferring EU user data to the US without adequate data protection safeguards following Schrems II
Meta Platforms Ireland (Instagram)
Processing children's personal data including phone numbers and email addresses of minors with public accounts
Meta Platforms Ireland (WhatsApp)
Transparency failures in informing users and non-users about WhatsApp's data processing practices
TikTok Technology Limited
Failing to protect children's privacy by defaulting minors' accounts to public and enabling features exposing them
Check Your Compliance Status
Take our free assessment to evaluate your organisation's compliance posture. Get a personalised report with actionable recommendations in minutes — no sign-up required.
Start Free AssessmentDisclaimer: The information on this page is for educational purposes and does not constitute legal advice. For specific compliance guidance, consult a qualified legal professional in your jurisdiction.
Other Regulations Affecting Ireland
Network and Information Security Directive (NIS2)
The updated EU cybersecurity directive that expands security requirements to a broader range of sectors and imposes stricter obligations on essential and important entities.
Digital Operational Resilience Act (DORA)
The EU regulation establishing a comprehensive framework for digital operational resilience in the financial sector, covering ICT risk management, incident reporting, testing, and third-party risk.
EU Artificial Intelligence Act (AI Act)
The world's first comprehensive AI regulation, establishing a risk-based framework for the development, deployment, and use of artificial intelligence systems within the EU.
ePrivacy Directive (2002/58/EC)
The EU directive governing privacy in electronic communications, covering cookies, direct marketing, traffic data, and the confidentiality of communications — often called the "Cookie Law".