Data Protection Commission (DPC) publishes Regulatory Strategy for 2022-2027


Date: 22 December 2021

In its Strategy for 2022-2027, the Data Protection Commission sets out an ambitious vision for what they believe will be five crucial years in the evolution of data protection law, regulation and culture.

From the Feedback Statement: Compliance Institute’s submission was one of just 28 made to the DPC, and one of eight from representative bodies. The DPC feedback is very encouraging with strong commitments to new partnerships, more guidance, case studies and codes of conduct, and notably one request we made in our submission, for data protection professionals that are not designated DPOs to have access to DPC supports including being brought within the DPC DPO Network.

The breadth of the DPC’s regulatory remit cuts across all areas of personal and public life; both at national and international level. In order to develop a Regulatory Strategy that will provide effective direction for such a vast operational remit, the DPC has been careful to take account of the wider context in which it regulates, the needs of its diverse stakeholders and the evolving nature of the fast-paced and non-traditional sectors it regulates.


The Strategy is arranged according to fundamental goals, underpinned by the DPC’s mission, vision and values, which collectively contribute to the delivery of its strategic priorities. The DPC recognises that it cannot achieve its ambitions alone – new partnerships and new ways of engaging will be necessary as they look towards a future of closer convergence. Nonetheless, the DPC builds from a position of confidence: as a Regulatory office with ambition, a clear sense of purpose, a history of achievement, and a future of considerable promise.


In order to prepare this Regulatory Strategy, the DPC has engaged in a period of iterative consultation with a broad range of stakeholders, both internal and external, gathering insights and experiences of how the application of the General Data Protection Regulation (GDPR) has impacted the lives of individuals and organisations operating across a wide range of sectors. It is clear from the depth of thought given to these submissions that the GDPR is a matter of vital interest for many people.

 As is the case with any far-reaching legislation, the various interpretations from stakeholders of how best to apply the GDPR are not always in sympathy with each other. Nonetheless, the DPC is tasked with extracting the commonalities from these disparate points of view, and identifying an agenda of regulatory priorities which will drive compliance and promote better data protection outcomes for EU individuals.


One overarching objective - to do more, for more – has underpinned the strategic choices made in this Strategy, as the DPC navigates a regulatory future replete with competing priorities.


DPC Regulatory Strategy 2022-2027 PDF


DPC Regulatory Strategy Consultation Feedback Report PDF