#noscript-warning a{ color: white; }

To use all the functions of this website, you will need to enable Javascript in your browser.

11. Data Protection Officer

Publication Last updated: 22/11/2025

An organisation is required to appoint a designated data protection officer (DPO) where:

the processing is carried out by a public authority or body;
its core activities consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
its core activities consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

If the firm falls into one or more of the above categories, it should consider the qualifications required to fill the DPO role on the Data Protection Commission website and make a notification of the appointee to the DPC. See also guidance from the EDPB

Browse other Law Society guidance on the General Data Protection Regulation (GDPR) through the links below.

Cookie name	Duration	Cookie purpose
ASP.NET_SessionId	Session	This cookie holds the current session id (OPPassessment only)
.ASPXANONYMOUS	2 Months	Authentication to the site
LSI	1 Year	To remember cookie preference for Law Society websites (www.lawsociety.ie, www.legalvacancies.ie, www.gazette.ie)
FTGServer	1 Hour	Website content ( /CSS , /JS, /img )
_ga	2 Years	Google Analytics
_gat	Session	Google Analytics
_git	1 Day	Google Analytics
AptifyCSRFCookie	Session	Aptify CSRF Cookie
CSRFDefenseInDepthToken	Session	Aptify defence cookie
EB5Cookie	Session	Aptify eb5 login cookie

Cookie name	Duration	Cookie purpose
Zendesk	Local Storage	Online Support
platform.twitter.com	Local Storage	Integrated Twitter feed

Cookie name	Duration	Cookie purpose
fr	3 Months	Meta Advertising - Used for Meta Marketing
_fbp	3 months	Used for Meta Marketing