Data Protection

This is a rapidly evolving area and one of increasing importance for all businesses, organisations and government entities that collect, transfer or process personally identifiable information.

Meet the team
Practice Privacy and Data Security v2 resized

We provide practical advice to assist our client on matters such as:

  • General compliance with data protection law.
  • Development and implementation of relevant policies, procedures, and guidance documents.
  • Advising in relation to the processing of all categories of personal data including sensitive or special category data.
  • Review and introduction of new data processing activities and technologies together with the undertaking of risk, data protection impact (DPIA) and legitimate interest assessments (LIA).
  • Preparation and review of agreements relating to the collection, processing, sharing, transfer (including international transfers), and disclosure of information and personal data.
  • Sharing of personal data between public authorities.

Data Subject Rights

We assist clients in relation to the exercise of Data Subject Rights including rights of access (Data Subject Access Requests (DSAR)) to personal data. Be it a DSAR, a request for erasure or a complaint or claim, RDJ has the expertise and experience to support our clients in the:

  • End-to-end management of the exercise of data subject rights
  • Identification of the potential custodians and records
  • Refinement of data categories
  • Secure collection of relevant records (where necessary)
  • Redaction or pixilation and processing or CCTV
  • Advising in relation to the right and obligation to restrict access and the undertaking of redactions as necessary
  • Processing of records for release to the data subject

To provide efficient and thorough results to Data Subject Access Requests (DSAR), we deploy an AI-powered eDiscovery tool to cull irrelevant data in minutes, drastically reducing the number of documents to be reviewed and ultimately speeding up service delivery.

Using AI, we can:

  • Categorise documents by type
  • Manage datasets from an interactive dashboard
  • Bulk sort documents
  • Erase duplicates
  • Collate and view emails by conversation thread
  • Filter emails based on sender and recipients
  • Find conceptually similar documents
  • Collaborate with colleagues on tasks
  • Redact individually or in bulk
  • Export results in custom report formats

Complaints and Statutory examinations/investigation

We regularly advise in relation to the complaints made by data subjects internally to organisations and to the Data Protection Commission (“DPC”). In addition, we advise clients in relation to all aspects of examinations and statutory inquiries launched by the DPC.

Personal Data breach claims/proceedings

The GDPR introduced a right for data subjects to seek a judicial remedy against a data controller who has breached the data subject’s rights. A judicial remedy includes an injunction and claims for material (financial loss) or non-material (emotional suffering) damage. Our data protection team regularly advise in the defence of such proceedings/claims.

Cyber-Security

Information and security breach can often be high profile, damage confidence and severely impact your business. RDJ offers a 24/7 Incident Response Service and have broad experience advising clients in the end-to-end investigation, management and recovery from security incidents. To learn more about our Cyber-Security Incident Response team visit here.

Key Contacts

77 Ricky Kelly 1195x730

Ricky Kelly

Partner +353 21 2332826 Email
Jennifer Noctor2

Jennifer Noctor

Partner +353 21 2332839 Email
Elena Vassileva 3

Elena Vassileva

Senior Associate + 353 21 2332817 Email
Bio Photo 3

Sarah Slevin

Partner +353 1 6054259 Email
Lisa Mannion

Lisa Mannion

Senior Associate +383 21 2332885 Email
View Full Privacy and Data Security Team
'The team simplify requirements very well. They work collaboratively with me to understand what I need, help me understand what can be done. I feel I have a partner in meeting the necessary timelines.'
– The Legal 500 (2025)
‘The team is extremely responsive and has a really deep knowledge of data protection issues and how to interpret the relevant legislation at a practical level.’
– The Legal 500 (2025)
'Collaborative, personable, engaging, knowledgeable.'
– The Legal 500 (2025)
The RDJ team has a deep understanding of data privacy and protection laws and regulations. They are also experts in the latest technologies and trends in the field.
– The Legal 500 (2024)
RDJ worked with us to develop solutions tailored to their specific needs that are both effective and affordable. The team is committed to providing excellent client service. They were responsive to our needs and provided timely and helpful advice. They worked closely with us and other professionals to understand our needs and develop solutions.
– The Legal 500 (2024)

Related Content

Insights and Publications Template 3
Cyber and Data Protection 28 04 2025

Work phones and personal data: Who’s in control?

A recent judgment issued by Justice Barry O’Donnell saw the dismissal of a Judicial Review (JR) concerning personal data on a work phone provided by the HSE.Jennifer Noctor an...

Read more About This Work phones and personal data: Who’s in control?
I Stock 1306500205
Cyber and Data Protection 25 04 2025

EU fines Apple and Meta €700m for non-compliance with Digital Markets Act

The European Commission has fined Apple and Meta a total of €700 million for breaches of the Digital Markets Act (DMA).The highly anticipated decisions are the first to be iss...

Read more About This EU fines Apple and Meta €700m for non-compliance with Digital Markets Act
I Stock 1393901795
Cyber and Data Protection 13 01 2025

Data Protection Commissioner publishes Toolkit for Schools

The Data Protection Toolkit for Schools was published on 19 December 2024 to assist schools in understanding the nature of their obligations as data controllers. In this insig...

Read more About This Data Protection Commissioner publishes Toolkit for Schools
Dillon v Irish Life [2024]
Cyber and Data Protection 04 12 2024

Is distress, upset or anxiety a form of personal injury? - Supreme Court to hear appeal that will impact future of personal data breach claims

A plaintiff has successfully sought leave to appeal non material damages under the GDPR as a result of an alleged breach of his personal data to the Supreme Court. In our late...

Read more About This Is distress, upset or anxiety a form of personal injury? - Supreme Court to hear appeal that will impact future of personal data breach claims
I Stock 1485820940
Cyber and Data Protection 24 01 2024

Balancing Risk with Innovation: EU's Approach to AI Procurement Contracts

As we edge closer to the AI Act being adopted into an agreed and final text, the European Commission have published a draft of what are known as 'standard contractual clauses'...

Read more About This Balancing Risk with Innovation: EU's Approach to AI Procurement Contracts
AI woman
Cyber and Data Protection 17 01 2024

2024: The Year Of AI

On 29 December 2023, on the floor of the New York Stock Exchange, 2024 was declared to be the “year of AI” by top tech analyst Dan Ives. In this insight, Ricky Kelly and Sadhb...

Read more About This 2024: The Year Of AI
Chat GPT
Artificial Intelligence 12 09 2023

Using AI in Your Business: What to Consider, and What Rules are Coming

The rapid advancements of Artificial Intelligence continues to create numerous legal and ethical challenges. Whilst generative AI tools have become part of business operations...

Read more About This Using AI in Your Business: What to Consider, and What Rules are Coming
Website Insight Template 3
Cyber and Data Protection 17 05 2023

Non-Material Damage Compensation – the CJEU Enters the Fray

The CJEU delivers its first, and eagerly awaited, decision on the concept of ‘non-material damage’ arising from an infringement of the GDPR and in doing so departs from the Ad...

Read more About This Non-Material Damage Compensation – the CJEU Enters the Fray
People blurry in motion in yellow tunnel down hallway
Cyber and Data Protection 29 03 2023

Has the tide turned? - DPC Report 2022

Has the tide turned? The DPC has faced strong criticism for a perceived failure to enforce data protection law against the Big Tech Firms. 2022 however saw an increase in enfo...

Read more About This Has the tide turned? - DPC Report 2022
Data Protection
Cyber and Data Protection 22 03 2023

Responding to a Data Subject Access Request – What additional information must be provided?

The GDPR establishes the right for Data Subjects to seek access to their personal data. In this helpful Insight, Ricky Kelly examines the additional information that must be f...

Read more About This Responding to a Data Subject Access Request – What additional information must be provided?
Data Protection
Cyber and Data Protection 02 02 2023

Damages arising from a data breach: when is it really non-material?

In this insight we consider recent developments in Ireland and the EU that will educate how organisations measure non-material damage suffered by individuals arising from a br...

Read more About This Damages arising from a data breach: when is it really non-material?
Server Room Data Centre
Cyber and Data Protection 22 05 2022

The Data Act – “It's not personal, it's just business"

The objectives of its data strategy are to make the EU a “role model and leader for a society empowered by data”. Recognising the amount of data that continues to be generated...

Read more About This The Data Act – “It's not personal, it's just business"

Explore our services