10 05 2022 Insights Cyber and Data Protection

The Data Protection Commission’s Annual Report for 2021

Reading time: 5min

Privacy and Data Security resized


The Data Protection Commission (“DPC”) recently published its 2021 Annual Report (the “Report”), marking the end of the third full calendar year of the General Data Protection Regulation (“GDPR”).

Regulatory Strategy 2022-2027 (the “Strategy)

The Strategy was adopted in December 2021, following consultation with the public and stakeholders and a consideration of emerging academic theories in relation to effective regulation and behavioural economics. The Strategy sets out the DPC’s roadmap for what it believes will be five crucial years in the evolution of data protection law regulation and culture. The strategy is based upon five inter-connecting pillars of equal priority:

  1. Regulate consistently and effectively
  2. Safeguard Individuals and promote data protection awareness
  3. Prioritise the protection of children and other vulnerable groups
  4. Bring clarity to stakeholders
  5. Support organisations and drive compliance

With this in mind, the DPC has created the agenda of regulatory priorities which will achieve the overall objective ‘to do more, for more’.

Complaints made to the DPC

The Report contains the usual overview of complaints made to the DPC during 2021. A total of 3,419 complaints were made to the DPC. This represents a decrease in the overall amount of complaints made to the DPC in both 2019 and 2020.

The Report details that 52% of all complaints lodged in 2021 were dealt with within the year. In total, 3,564 complaints, including 1,884 complaints received prior to 2021, were concluded.

As has been the trend in recent years, the majority of complaints received by the DPC related to denied access to records. The Report sets out the top five categories of complaints received under GDPR, as shown here: