GDPR + Irish DPC — what should I expect for compliance?

The Irish Data Protection Commission (DPC) is one of the most active EU enforcement bodies — many global tech giants (Meta, Google, Apple, TikTok, Microsoft) are HQ’d in Ireland because they wanted DPC as their lead supervisory authority. Practical impact for Magento:

• Lawful basis documented per processing operation (orders, marketing, analytics).
• DSAR automation — one-click export of customer data + order history + cookie history within 30 days.
• Cookie consent via Cookiebot / Usercentrics / Klaro — DPC requires opt-in, no pre-ticked checkboxes, granular categories.
• Data Processor Agreements with every third party (Stripe, Mailchimp, hosting).
• Breach notification within 72 hrs — we wire a logging hook so your DPO gets paged on suspicious access.

Strict but predictable — if you do it right once, DPC tends not to revisit.