We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


DPC steps in to ensure GDPR compliance
Pic: Shutterstock

26 Nov 2021 data law Print

DPC steps in to ensure GDPR compliance

The Data Protection Commission (DPC) has said that more than 70 public bodies have brought themselves into compliance with a key aspect of the GDPR data-privacy rules after its intervention.

The data watchdog said that it had now completed the most recent stage in its Data Protection Officer (DPO) enforcement programme, which was aimed at improving compliance with article 37 of the GDPR.

Article 37.7 of the GDPR identifies public bodies as among the categories of data controller required to appoint a DPO, and to notify the DPO’s details to the relevant authority.

Private sector

In the initial phase of the project, the DPC identified 77 potentially non-compliant public bodies from a total of almost 250.

“Following the intervention of the DPC, over 70 organisations brought themselves into compliance, raising the sector’s compliance rate from 69% to near 100%,” the watchdog said.

This year, the DPC also expanded the project to include the private sector, although there is no automatic requirement for non-public-sector organisations to appoint a DPO.

The commission did, however, identify several sectors that were likely to meet the threshold to appoint a DPO, due to the scale and nature of their data-processing activities.

These sectors included private hospitals and out-of-hours GP services, banks, and credit unions.

DPC reviewing decisions

The DPC found that just over 40% of the 24 organisations identified in the health sector had appointed a DPO, but all were now in compliance with the rules, after its intervention.

The data body’s review identified 34 banking entities, and brought the compliance rate up from 74% to 80%. Three organisations have given the DPC reasons for not appointing a DPO, while the remainder are continuing to engage.

Of the 242 credit unions identified by the DPC, just under 30% were in compliance initially. The watchdog now says that 64% are complying with the rules, with 10% in “partial compliance”.

The commission is reviewing the reasons given by the 13% of credit unions that have chosen not to designate a DPO.

“In cases of where the DPC identifies persistent non-compliance, further enforcement measures will be taken, as proportionate and necessary, to ensure compliance with the requirements of the GDPR,” the commission said.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland

Copyright © 2024 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.