Data & Privacy

Under GDPR and the Data Protection Act 2018, you have the right to object to unlawful data processing, request erasure, and lodge a complaint with the Data Protection Commission.

If a data breach exposes your personal information in Ireland, the controller must notify the Data Protection Commission (DPC) within 72 hours and inform you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

Under Irish law, a company must respond to your data access request within one month. If they fail to do so, you can complain to the Data Protection Commission.

Yes, you can request a company to delete your personal data in Ireland under the Data Protection Act 2018, which gives you a right to erasure in certain circumstances.

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or significantly affects you, unless certain exceptions apply.

Yes, under Irish data protection law, you have the right to restrict how a company processes your personal data in certain situations, such as when you contest its accuracy or object to processing.

Yes, you can object to a charity using your personal data for fundraising under the Data Protection Act 2018. The charity must stop using your data for that purpose as soon as possible after receiving your objection.

Yes, you can sue for damages from a data breach in Ireland under the Data Protection Act 2018, if you suffer material or non-material damage as a result of an infringement.

You can make a Freedom of Information (FOI) request in writing to any public body covered by the Freedom of Information Act 2014. The body must respond within 4 weeks.

Yes, you can appeal a refused FOI request to the Information Commissioner within 6 months of receiving the decision.

Under Irish law, you have a legal right to access and download your personal data from social media companies. They must provide it without undue delay and within one month of your request.

A privacy notice in Ireland must clearly state the identity and contact details of the data controller, the purposes and legal basis for processing, the recipients of personal data, retention periods, and individuals’ data protection rights.

The legal basis for processing personal data in Ireland is set out in the Data Protection Act 2018 and the GDPR, requiring at least one lawful basis (e.g., consent, contract, legal obligation) before processing can occur.

Profiling for insurance purposes is lawful in Ireland only if it complies with the Data Protection Act 2018, including fairness, transparency, and safeguards — especially where it produces legal or significant effects.

Yes, you can complain to the Data Protection Commission (DPC) in Ireland if you believe your data protection rights have been breached.

Yes, the Data Protection Commission (DPC) in Ireland can fine a company for a GDPR breach under the Data Protection Act 2018.

The Data Protection Commission (DPC) is Ireland’s independent authority responsible for upholding data protection rights, enforcing the GDPR and Data Protection Act 2018, and guiding organisations on compliance.

A school in Ireland must not share your child's personal data without a lawful basis — such as your explicit consent or another valid ground under the Data Protection Act 2018. Unauthorised sharing may be a breach of data protection law.

Under Irish law, a company transferring your personal data outside the EU must ensure an adequate level of protection, using approved safeguards like Standard Contractual Clauses or binding corporate rules.

Sharing CCTV footage of you without your consent may breach the Data Protection Act 2018, which requires lawful, fair, and transparent processing of personal data.

In Ireland, your landlord generally cannot install cameras in private areas without your knowledge or consent, as it likely breaches the Data Protection Act 2018. Cameras in shared or communal areas may be lawful only if justified, transparent, and proportionate.

Yes, your employer can monitor your work email in Ireland, but only if it’s lawful, fair, transparent, and complies with the Data Protection Act 2018 — including having a clear policy and legitimate reason.

A Data Protection Impact Assessment (DPIA) is a process required under Irish and EU law to identify and minimise data protection risks before launching a high-risk processing activity.

You can stop spam emails by withdrawing consent, using the unsubscribe link, and reporting persistent senders to the Data Protection Commission.

In Ireland, a company must obtain your clear, informed consent before using non-essential cookies — unless they are strictly necessary for the service you requested.