Question 1

What GDPR obligations do breweries / distilleries in Cork have?

Accepted Answer

Breweries / Distilleries in Cork must appoint a data controller, maintain records of processing activities, implement appropriate security measures, provide privacy notices to customers, and respond to data subject access requests within one month under the Data Protection Act 2018.

Question 2

Can the DPC fine a brewery / distillery in Cork?

Accepted Answer

Yes. The Data Protection Commission can fine any business in Cork, including breweries / distilleries, up to €20 million or 4% of global annual turnover for serious GDPR breaches. Even smaller infringements can result in fines up to €10 million.

Question 3

Do I need a Data Protection Officer for my brewery / distillery in Cork?

Accepted Answer

Not all businesses need a formal DPO, but if your brewery / distillery processes personal data on a large scale or handles special category data (like health information), you may be required to appoint one under GDPR Article 37. Even if not mandatory, having someone responsible for data protection in your Cork business is best practice.

Question 4

How do I handle a data breach at my brewery / distillery in Cork?

Accepted Answer

You must notify the DPC within 72 hours of becoming aware of a personal data breach that poses a risk to individuals. You should also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms. Cork's dense concentration of pharma and tech multinationals processing health data and personal data at scale makes it one of the most GDPR-intensive counties outside Dublin, with Apple's European HQ drawing particular DPC attention.

Question 5

What privacy policy does a brewery / distillery in Cork need?

Accepted Answer

Your brewery / distillery needs a clear, plain-language privacy policy that explains what data you collect, why you collect it, how long you keep it, who you share it with, and what rights customers have under GDPR. This must be easily accessible to all customers and staff in your Cork premises.

Question 6

What GDPR obligations do Irish breweries and distilleries have in Cork?

Accepted Answer

Breweries and distilleries that collect any personal data — through online sales, taproom visits, tours, or loyalty programmes — must comply with GDPR. This means having a privacy notice, a lawful basis for each type of processing, data processing agreements with third parties, and processes for handling data subject requests. The DPC does not exempt any business by size or sector.

Question 7

How should a distillery handle age verification data under GDPR in Cork?

Accepted Answer

Collect only the minimum data needed to verify age. A date of birth or a simple age confirmation checkbox is usually sufficient for online sales. If you verify age in person, do not photograph or photocopy identity documents — simply record that verification was carried out. Any age verification data you do collect should be retained only as long as necessary.

Question 8

Can a brewery email tour visitors about new products in Cork?

Accepted Answer

Not unless the visitor specifically consented to marketing communications. Booking a tour gives you their data for the purpose of the tour only. Under GDPR, you need a separate lawful basis — typically consent — to send marketing. Include an opt-in checkbox on the booking form that is not pre-ticked, and keep a record of who consented.

Question 9

Do brewery taprooms need a CCTV policy in Cork?

Accepted Answer

Yes. If you have CCTV in your taproom or visitor area, you must comply with the DPC's guidance on CCTV. This includes displaying clear signage, having a documented lawful basis (usually legitimate interest with a balancing test), retaining footage for no more than 30 days in most cases, and restricting access to authorised staff only.

Question 10

What GDPR rules apply to brewery loyalty clubs in Cork?

Accepted Answer

Loyalty clubs collect personal data including names, contact details, purchase history, and preferences. You must provide a clear privacy notice when someone signs up, only collect data you actually need, allow members to access or delete their data on request, and review your membership list regularly to remove inactive members. You also need a lawful basis for any marketing communications sent to members.

GDPR Compliance for Breweries / Distilleries
in Cork

Why This Matters for Breweries / Distilleries in Cork

Do breweries / distilleries in Cork need GDPR compliance?

Key GDPR Risks for Breweries / Distilleries

Personal Data Your Brewery / Distillery Processes

Find out your GDPR score in 2 minutes

Required GDPR Policies & Documents

GDPR Compliance Steps for Breweries / Distilleries

Common GDPR Mistakes Breweries / Distilleries Make

Frequently asked questions

Don't wait for the DPC to come knocking

GDPR Compliance for Breweries / Distilleries in Cork