What is a personal data breach under GDPR in Ireland?
Under GDPR a personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes incidents where your data is accessed by someone who should not have it, sent to the wrong person, lost on a device, or exposed in a cyberattack.
What must an organisation do when a data breach occurs in Ireland?
Under GDPR Article 33 an organisation that suffers a personal data breach must notify the Data Protection Commission (DPC) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. This is an obligation on the organisation, not on you as the affected individual.
When must an organisation notify me directly about a data breach in Ireland?
Under GDPR Article 34 an organisation must notify you directly without undue delay if a breach is likely to result in a high risk to your rights and freedoms. This could include a breach exposing financial information, health data, or data that could lead to identity theft or discrimination. The notification must describe the nature of the breach and what steps you can take to protect yourself.
How do I complain to the Data Protection Commission in Ireland?
You can submit a complaint to the DPC online at dataprotection.ie. The complaint should describe what data was breached, who held the data, when you became aware of the breach, and what harm or risk you believe has resulted. The DPC will acknowledge your complaint and investigate. The process is free and does not require a solicitor.

What evidence should I gather before making a data breach complaint in Ireland?
Before filing your DPC complaint you should gather any notifications you received about the breach, screenshots or records of unauthorised access, correspondence with the organisation, evidence of any harm you suffered such as fraudulent transactions or phishing attempts, and a record of when you first became aware of the issue. This evidence strengthens your complaint.
Can I claim compensation for a data breach in Ireland and how?
Yes. Under GDPR Article 82 you have the right to compensation from the controller or processor for material or non-material damage suffered as a result of a breach of GDPR. In Ireland compensation claims are made in the Circuit Court. You can file a DPC complaint and a civil claim simultaneously — they are independent processes.
What enforcement powers does the DPC have in Ireland?
The Data Protection Commission in Ireland has significant enforcement powers under GDPR including the power to impose administrative fines of up to €10 million or 2% of global annual turnover for certain violations, and up to €20 million or 4% of global annual turnover for the most serious violations. The DPC can also order organisations to cease processing data or bring processing into compliance.

What happens in cross-border data breach cases involving Irish-based companies?
Ireland is home to the European headquarters of many major technology companies. Because of the one-stop-shop mechanism under GDPR, the DPC acts as lead supervisory authority for these companies across the EU. If your data breach involves a company whose EU headquarters is in Ireland, your complaint should be directed to the DPC regardless of which EU country you live in.
Can I file a DPC complaint and a civil claim at the same time in Ireland?
Yes. A DPC complaint and a civil claim for compensation under GDPR Article 82 are independent processes in Ireland. You do not need to wait for the DPC investigation to conclude before issuing civil proceedings. However, the DPC's findings may be relevant evidence in your civil claim and many individuals wait for the DPC outcome before deciding on litigation.
How does uplaw.ai help with a data breach complaint in Ireland?
Tell us in the chat what data was breached, which organisation was involved, and what harm you have suffered or fear. We help you prepare your DPC complaint, identify what evidence to gather, and understand whether a civil claim for compensation is appropriate in your case.


