Skip to main content

File a DPC Complaint

Step-by-step guide · 10 min read

What you'll need

  • Evidence of the GDPR breach (SAR copies, correspondence)
  • Proof you raised it with the company's DPO
  • Timeline of events
  • The company's DPO contact details
1

Confirm you have a GDPR issue

DPC complaints are for data protection breaches, not general customer service issues. Common GDPR grounds include:

  • SAR not responded to within 30 days
  • Incomplete or heavily redacted SAR response
  • Inaccurate personal data being processed (Article 5(1)(d))
  • Data shared without consent or lawful basis
  • Refusal to correct inaccurate data (Article 16)
  • Refusal to erase data you've requested deleted (Article 17)
2

Raise it with the company's DPO first

The DPC expects you to raise the issue with the company's Data Protection Officer before filing. Use our Company Lookup to find their DPO email.

Send a concise email stating the GDPR breach and the remedy you want (correction, deletion, compensation). Give them 30 days to respond.

3

Gather your evidence

Before filing with the DPC, collect:

  • Your original SAR email (with date sent)
  • Any response (or lack thereof)
  • Evidence of inaccurate data (CCR report, SAR data showing contradictions)
  • Correspondence with the company's DPO
  • Timeline of events
4

Go to the DPC complaint form

Visit forms.dataprotection.ieand select “Make a complaint.” You'll need to create an account or log in.

5

Select the correct complaint type

Choose the category that best matches your complaint:

  • Access Request — if your SAR was ignored or incomplete
  • Data Accuracy — if inaccurate data is being processed
  • Right to Erasure — if they refused to delete your data
  • Disclosure — if your data was shared without consent
6

Write your complaint

Be factual and specific:

  1. State the company name and what data is affected
  2. State the GDPR article breached (e.g., Article 15 for SAR, Article 5(1)(d) for accuracy)
  3. Provide a timeline of what happened
  4. State what you want the DPC to do

Tip: Mention if the company is a regulated financial services provider. The DPC takes complaints about regulated entities seriously because they have enhanced data protection obligations.

7

Upload your evidence

Attach all supporting documents. Use clear file names like SAR_Request_2024-01-15.pdf. The DPC can handle PDFs and common document formats.

8

Submit and track

After submission, the DPC will assign a case number. The investigation timeline varies significantly — from weeks to months. The DPC may contact the company for their response before deciding.

Parallel track: A DPC complaint does not replace the FSPO route. File both in parallel — the DPC handles data breaches while the FSPO handles conduct and financial loss. They strengthen each other.

Share:

Need help with your specific case?

Our guides cover the process — but every case is different. If you want someone to review your situation and tell you exactly what to do next, we can help.

Was this guide helpful?

Disclaimer: This website provides general information based on personal experience navigating Irish financial complaint systems. It is not legal advice. Every case is different. If you need legal advice, consult a solicitor.