On 27th February, The Data Protection Commissioner (DPC), Helen Dixon, launched the 2017 Annual Report of the DPC, her fourth annual report since taking office and also announced a national public information campaign to further raise awareness of the General Data Protection Regulation (GDPR) which will apply from 25 May 2018.


This report details the workings of the office throughout 2017, a year that saw a significant increase in the DPC’s budget to €7.5 million (the budget for 2018 is further increased to €11.7 million), and the extensive recruitment of a very strong team of new hires with a diverse range of relevant skills. Such increase in resources means that the DPC is now among the top tier of the most highly-resourced national data protection authorities in the EU28.


Highlights of the 2017 Annual Report include:

  • total complaints received in 2017 was up by 79% on 2016 with the largest single category being “Access Rights” which made up 1,372 (or 52%) of the total;
  • 2,594 complaints were concluded in 2017, compared to 1,438 in 2016;
  • 2,795 valid data security breaches were recorded in 2017, representing an increase of 26% on the number of breaches recorded in 2016;
  • the DPC’s Special Investigations Unit continued its work in the Private Investigator sector resulting in several prosecutions;
  • the DPC also commenced an investigation in the Hospital Sector on the processing of patient data; on Tusla (the Child and Family Agency) regarding the governance of personal data concerning child protection cases; and on the Public Services Card of the Department of Employment and Social Protection;
  • six entities were prosecuted in 2017 in respect of electronic marketing. The summonses for these six cases covered 42 offences;
  • a dedicated GDPR Awareness and Training Unit was established in 2017 with responsibility for driving the DPC’s awareness activities. Central to the GDPR awareness drive was the launch of a microsite: www.GDPRandYou.ie, serving as a central hub for published guidance and a starting point for organisations seeking assistance with GDPR preparations.

The Data Protection Commissioner, Helen Dixon, in publishing her fourth Annual Report commented that the protection of personal data is of fundamental importance in this digital age. The Irish DPC has a critically important role to play in ensuring those protections are delivered and I’m pleased to launch my Annual Report today to highlight outcomes, progress and challenges for the past year and to raise awareness of data protection law as we move into GDPR implementation in 2018.”

The DPC spent much of 2017 raising awareness for the GDPR and Ms. Dixon had the following message “the GDPR’s focus is on demanding accountability from organisations in how they collect and process personal data. The best results for data subjects are secured when organisations of all types deliver on their obligations to be fair and transparent. We firmly believe that organisations should see the GDPR as an opportunity rather than a challenge and that those who can demonstrate a true commitment to data protection will be rewarded in the marketplace for their services.”