Editor’s Note: The Data Protection Commission (DPC) is the Irish supervisory authority for the General Data Protection Regulation (GDPR). It also has functions and powers related to other critical regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive. In this recently published report (June 2020), DPC Ireland shares a country-specific GDPR regulatory activities update to assess the range of regulatory tasks for 25 May 2018 to 25 May 2020.
DPC Ireland 2018-2020 Regulatory Activity Under GDPR*
Scope of the Report
This report is intended to assess the range of regulatory tasks of the Data Protection Commission for the period 25 May 2018 to 25 May 2020. It is distinguishable from the Commission’s Annual Reports in that it does not focus on the administration of the office. Details of the DPC’s administrative work are available in its annual reports, which can be found here; including its Financial Statements, Statements of Internal Control and Energy Usage.
This report takes stock of the DPC’s experience of its mandated functions under the GDPR; its legal activities and the allocation of its resources in support of Article 57.1 (b)(d). To note, while the report refers in shorthand to “the GDPR”, it is in fact intended to cover the substantive roles of the DPC under the three main pieces of data protection legislation – the GDPR, the e-Privacy Directive and the Law Enforcement Directive as transposed in the Data Protection Act 2018.
Purpose of the Report
The purpose of this two-year assessment is to provide a wider-angled lens through which to assess the work of the DPC since the implementation of the General Data Protection Regulation; in particular, to examine wider datasets and annual trends to see what patterns can be identified. While the DPC – as is the case for many other stakeholders – could already make some observations about aspects of the GDPR and the one-stop-shop procedures that work less well, the purpose of this document is not to offer a critique at this juncture but rather to showcase what has – and is – being delivered. The report and its findings will form part of the information upon which the DPC will base its regulatory approach for the next five years.
The report is additionally intended to give public insight into the work of the DPC and, through the inclusion of case studies, provide instructive examples which will give guidance to entities in similar situations.DPC Ireland 2018-2020 Regulatory Activity Under GDPR
* Copyrighted information note shared by permission of Regulations on the Re-use of Public Section Information
- A Matter of Opinion? An EDPS View on the European Data Strategy
- Cloudy Considerations? ESMA Draft Guidelines on Outsourcing to Cloud Service Providers