Ireland
Summary
Law: Data Protection Act 2018 ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: Data Protection Commission ('DPC')
Summary: The Act implements the GDPR and also sets out derogations including certain variations on when data subject rights can be exercised and the processing of special categories of data. There are also additional provisions that regulate the use of children's data beyond the GDPR, although not all of these have yet commenced and are still under discussion. The DPC has been particularly active in issuing guidance on various topics, including cookies, Data Protection Impact Assessments, and data breach notifications. The DPC has initiated several high-profile statutory inquires, however, it only issued its first monetary penalties in May 2020 following a series of breach notifications from a state agency.