Personal data should only be collected for specified, explicit, & legitimate purposes. It should not be further processed in a way that does not match with those purposes. For more on Purpose Limitation & other Principles of Data Protection, go to: dataprotection.ie/en/organisatio…

Some data breaches can disclose personal data to third parties who had no intention of receiving it. We have produced guidance to help individuals/organisations who accidentally receive personal data as well as data controllers who lose control of data. 👉 dataprotection.ie/en/dpc-guidanc…

Processing refers to any operation or set of operations performed on personal data. This can include storing, using, erasing or destroying personal data, and can involve automated or manual operations. Read our glossary of GDPR Key Terms to learn more: dataprotection.ie/en/individuals…

The DPC has put together a short guide which covers how data protection legislation may apply to video recording of various types, including: 🔹 CCTV 🔹 Dash Cams 🔹 Action Cams 🔹 Drones, etc. Take a look 👉 dataprotection.ie/en/dpc-guidanc…

🌍 The transfer of personal data from the EU to controllers and processors located outside the EU should not undermine the level of protection of the individuals concerned. Read our guide on International Transfers to learn more: dataprotection.ie/en/organisatio…

Processing of personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. For more on Data Minimisation and the other Principles of Data Protection, read our Guidance note here: dataprotection.ie/en/organisatio…

This guide explains the data protection considerations for organisations carrying out Garda Vetting and the type of information that can be included in a vetting disclosure, as well as some of the data protection rights of individuals undergoing vetting 👇 dataprotection.ie/en/dpc-guidanc…

Did you know the DPC is the body responsible for monitoring the application of the GDPR in order to protect the rights and freedoms of individuals in relation to processing? Read our Glossary of Key Terms to better understand your rights under the GDPR: dataprotection.ie/en/individuals…

🤖 AI, and chatbots based on Generative AI, have become increasingly popular and are often freely available. This blog discusses the potential data protection risks in the development and use of such AI systems, both for people and organisations. Read 👉 dataprotection.ie/en/dpc-guidanc…

Is conducting a DPIA mandatory? A DPIA is mandatory where data processing is likely to result in a high risk to the rights and freedoms of natural persons, but is in general a good practice and a useful tool for organisations. Read our DPIA guide here: dataprotection.ie/en/organisatio…

Controllers must ensure that personal data are accurate and, where necessary, kept up to date. Read our Guidance note to find out more about the 7 Principles of Data Protection here: dataprotection.ie/en/organisatio…

What are the principles of data security under the GDPR? Anti-virus software - This is not only required to prevent infection from the internet but to prevent viruses that may also be introduced from portable devices. Read our Data Security guide here: dataprotection.ie/en/organisatio…

A “data controller” refers to a person, company, or other body which decides the purposes and methods of processing personal data. You can read our Glossary of Key Terms to better understand your rights under the GDPR: dataprotection.ie/en/individuals…

What are the principles of data security under the GDPR? Firewalls - A key weapon in combating unauthorised access attempts and absolutely essential where there is any external connectivity to other networks or to the internet. Learn about Data Security: dataprotection.ie/en/organisatio…

A DPIA should be driven by people with appropriate expertise and knowledge of the project in question. It may be delegated to someone else, inside or outside the organisation, but the data controller is ultimately accountable. Read our DPIA guide here: dataprotection.ie/en/organisatio…

What are the principles of data security under the GDPR? Automatic Screen Savers - Computers should be locked when unattended. An access control system is pointless if unattended computers may be accessed by anyone. Read our guide on Data Security here: dataprotection.ie/en/organisatio…

Under the GDPR, the Right to be Informed means that you should be made aware of risks, rules and safeguards in relation to the processing of your personal data and how to exercise your rights in relation to that processing. Know your rights, read here 👉dataprotection.ie/en/individuals…

🔎 Case Study This complaint concerned the alleged non-response to an erasure request and is a good illustration of the potential benefits of an amicable resolution for both data controllers and complainants. 👉 dataprotection.ie/en/dpc-guidanc…

📢Latest News: Data Protection Commission welcomes conclusion of proceedings relating to X’s AI tool ‘Grok’ dataprotection.ie/en/news-media/…

👩‍👩‍👧‍👦 Fundamental 8 - Consent Doesn't Change Childhood 👉 dataprotection.ie/en/dpc-guidanc… Consent obtained from children or from the guardians/parents should not be used as a justification to treat children of all ages as if they were adults.