The Irish DPA published its 2022 Annual Report


On 7 March 2023, the Irish DPA (“DPC”) published a press release announcing the issuance of its 2022 Annual Report (the “Report”).

The Report contains an overview of the DPC’s activity throughout 2022, such as supporting individuals, investigation and supervision, large-scale inquiries, confirmation of administrative fines, engaging with fellow regulators, and mainstreaming data protection. It also includes an annex covering 20 case studies on complaints, electronic direct marketing, data breaches, one-stop-shop, cross-border matters, and other inquiries.

In a nutshell, the key figures on the work carried out during 2022 refer to:

  • 17 large-scale inquiries concluded, with administrative fines worth over EUR 1B and multiple reprimands and compliance orders imposed;
  • 2,700 complaints received from individuals under the GDPR;
  • 5,828 valid data breach notifications received (down 12% compared to the previous year);
  • 125 valid cross-border complaints received (as Lead SA) and 246 cross-border complaints concluded;
  • 207 electronic direct marketing investigations concluded;
  • 7 pieces of substantial new guidance, including 3 short guides for children on their data protection rights;
  • over 300 EDPB meetings contributed at.

According to the Irish Commissioner for Data Protection, “2023 will bring big new decisions from the DPC; more judgments from the CJEU; more data protection litigation involving DPC heard in Ireland; the start of application of certain provisions of the DSA and DMA; and the commencement of the Online Safety and Media Regulation Act in Ireland, among other developments”.

The press release is available here, and the full Report is available here.