Data Protection Commission
aka DPC, Irish DPC
Ireland's national data protection authority. Lead supervisory authority for many large US tech companies headquartered in Dublin under the GDPR's one-stop-shop mechanism.
Last reviewed April 2026
Definition
The Data Protection Commission (DPC) is the independent statutory body responsible for upholding the right to data privacy in Ireland under the GDPR and the Data Protection Act 2018. The DPC supervises Irish-established controllers and processors, investigates complaints, audits, issues guidance, and can impose administrative fines up to EUR 20 million or 4% of global annual turnover. Because many large US technology companies have their EU/EEA headquarters in Dublin (Meta, Google, Microsoft, TikTok, X, LinkedIn, Apple, Stripe and others), the DPC also acts as their lead supervisory authority under the GDPR's one-stop-shop mechanism. The DPC handles complaints about Irish SMEs as well: a customer or employee can complain to the DPC about how their data is being handled; the DPC will assess the complaint and may open an inquiry, and the controller must cooperate with any audit. Personal data breaches affecting Irish data subjects must be reported to the DPC within 72 hours of the controller becoming aware of the breach.
Why it matters for software choice
The 72-hour breach notification window starts from awareness, not from full investigation. Software that automatically logs access, exports the affected record set quickly, and supports controller-side audit trails is essential for hitting that deadline cleanly.
Authority sources
- Data Protection Commission (www.dataprotection.ie)
- Data Protection Act 2018 (www.irishstatutebook.ie)
Software categories this affects
Vendors covered by this term
HiBob
Modern HR platform designed for mid-size companies with strong culture and engagement tools
BambooHR
Intuitive HR platform for Irish SMEs who need hiring, onboarding, and people management
HubSpot CRM
Free CRM with marketing automation, widely adopted by Irish tech and services firms
Salesforce
Enterprise CRM with EU data centres and a strong Irish partner ecosystem
Mailchimp
The world's most widely used email marketing platform, with a generous free tier for small lists
Related terms
Data Residency (EU vs US)
Where customer personal data is stored and processed. Storing inside the EU/EEA simplifies GDPR compliance; processing in the US triggers transfer-mechanism obligations under Schrems II.
Data Processing Agreement
Mandatory contract under GDPR Article 28 between a data controller and a data processor. Sets out subject matter, duration, processing purposes, and required security measures.
Standard Contractual Clauses
Pre-approved contractual templates issued by the European Commission for transferring personal data outside the EEA. The default fallback when no adequacy decision applies.