Ireland

A company won't respond to my data access request.

1 month
Response deadline
€20,000
Max fine for non-compliance
Free
DPC complaint cost
72 hours
Breach reporting window
The Short Answer

Under Irish law, a company must respond to your data access request within one month. If they fail to do so, you can complain to the Data Protection Commission.

What the Law Says

The Data Protection Act 2018 gives effect to the EU General Data Protection Regulation (GDPR) in Ireland. It sets clear obligations on companies that hold your personal data — including the duty to respond promptly to your request to access that data.

If you make a valid data access request (also called a Subject Access Request or SAR), the organisation must respond without undue delay and in any event within one month of receiving the request. This deadline can be extended by two further months where the request is complex or numerous — but only if the organisation informs you within one month and explains why the extension is necessary.

The response must be in writing (or electronic form, if requested) and include all personal data held about you, along with key information such as the purposes of processing, categories of data, recipients, retention periods, and your rights to rectification, erasure, and restriction.

If the company refuses your request or fails to respond, it must give you clear reasons — and inform you of your right to lodge a complaint with the Data Protection Commission (DPC) and to seek a judicial remedy.

Statutory Text

A controller shall respond to a request under section 49(1) without undue delay and in any event within one month of receipt of the request.

Data Protection Act 2018, s. 51 — Duty to respond to requests

What to Do

1

Send your request again in writing (email or letter), clearly quoting GDPR Article 15 and Data Protection Act 2018, s. 49–51, and noting the original date of your first request.

2

Wait until the full one-month deadline passes (counting calendar days from the day after receipt).

3

If still no response, submit a formal complaint to the Data Protection Commission online at dataprotection.ie — it’s free and takes <10 minutes.

4

Keep copies of all correspondence and note dates — this supports your complaint.

5

If the DPC finds a breach, the company may face enforcement action, including fines up to €20,000 (for summary conviction) or higher under GDPR.

Sources

statuteData Protection Act 2018, s. 51 — Duty to respond to requests

Same Question, Other Jurisdictions

GermanyCanadaAustraliaSingaporeEuropean UnionIndiaUKUS-CaliforniaCompare all →

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.