We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


Strictly necessary cookies

Cookie name Duration Cookie purpose
ASP.NET_SessionId Session This cookie holds the current session id (OPPassessment only)
.ASPXANONYMOUS 2 Months Authentication to the site
LSI 1 Year To remember cookie preference for Law Society websites (www.lawsociety.ie, www.legalvacancies.ie, www.gazette.ie)
FTGServer 1 Hour Website content ( /CSS , /JS, /img )
_ga 2 Years Google Analytics
_gat Session Google Analytics
_git 1 Day Google Analytics
AptifyCSRFCookie Session Aptify CSRF Cookie
CSRFDefenseInDepthToken Session Aptify defence cookie
EB5Cookie Session Aptify eb5 login cookie

Functional cookies

Cookie name Duration Cookie purpose
Zendesk Local Storage Online Support
platform.twitter.com Local Storage Integrated Twitter feed

Marketing cookies

Cookie name Duration Cookie purpose
fr 3 Months Facebook Advertising - Used for Facebook Marketing
_fbp 3 months Used for facebook Marketing
DPC steps in to ensure GDPR compliance
Pic: Shutterstock

26 Nov 2021 / data law Print

DPC steps in to ensure GDPR compliance

The Data Protection Commission (DPC) has said that more than 70 public bodies have brought themselves into compliance with a key aspect of the GDPR data-privacy rules after its intervention.

The data watchdog said that it had now completed the most recent stage in its Data Protection Officer (DPO) enforcement programme, which was aimed at improving compliance with article 37 of the GDPR.

Article 37.7 of the GDPR identifies public bodies as among the categories of data controller required to appoint a DPO, and to notify the DPO’s details to the relevant authority.

Private sector

In the initial phase of the project, the DPC identified 77 potentially non-compliant public bodies from a total of almost 250.

“Following the intervention of the DPC, over 70 organisations brought themselves into compliance, raising the sector’s compliance rate from 69% to near 100%,” the watchdog said.

This year, the DPC also expanded the project to include the private sector, although there is no automatic requirement for non-public-sector organisations to appoint a DPO.

The commission did, however, identify several sectors that were likely to meet the threshold to appoint a DPO, due to the scale and nature of their data-processing activities.

These sectors included private hospitals and out-of-hours GP services, banks, and credit unions.

DPC reviewing decisions

The DPC found that just over 40% of the 24 organisations identified in the health sector had appointed a DPO, but all were now in compliance with the rules, after its intervention.

The data body’s review identified 34 banking entities, and brought the compliance rate up from 74% to 80%. Three organisations have given the DPC reasons for not appointing a DPO, while the remainder are continuing to engage.

Of the 242 credit unions identified by the DPC, just under 30% were in compliance initially. The watchdog now says that 64% are complying with the rules, with 10% in “partial compliance”.

The commission is reviewing the reasons given by the 13% of credit unions that have chosen not to designate a DPO.

“In cases of where the DPC identifies persistent non-compliance, further enforcement measures will be taken, as proportionate and necessary, to ensure compliance with the requirements of the GDPR,” the commission said.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland