Employee Non-Disclosure Agreement (Ireland)

An Employee Non-Disclosure Agreement in Ireland binds the parties to keep specified information confidential and limits how it may be used or disclosed, under the framework of the Trade Secrets Directive (EU 2016/943, transposed). It restricts disclosure and use of designated confidential information between the disclosing and receiving parties.

The legal framework for employee NDAs in Ireland draws from several sources. The common law duty of fidelity requires an employee to act in good faith towards their employer during the employment relationship, including keeping confidential information secret and not competing with the employer's business during the period of employment. However, this implied duty is significantly limited after the employment ends — it typically protects only trade secrets and highly confidential information in the strict sense, and does not protect the employee's general skill, knowledge, experience, and know-how that naturally becomes part of the employee's professional competence over time.

The European Union (Protection of Trade Secrets) Regulations 2018 (S.I. No. 188 of 2018), which transposed EU Directive 2016/943 into Irish law, provide statutory protection for trade secrets, defining a trade secret as information that is secret (not generally known among persons who normally deal with such information), has commercial value because it is secret, and has been subject to reasonable steps — including the execution of NDAs — to maintain its secrecy. Under Regulation 4 of the 2018 Regulations, the unlawful acquisition, use, or disclosure of a trade secret is actionable and the holder may apply to the High Court for injunctions, damages, corrective measures, and the delivery up or destruction of infringing materials. An employee NDA is one of the most important reasonable steps an employer can take to protect trade secrets under the Regulations. Employers who fail to take such steps risk losing the statutory protection afforded by the Regulations, which is why written NDAs should be a standard feature of the employment documentation for any employee who will have access to commercially sensitive information.

The GDPR and the Data Protection Act 2018 impose obligations on employees who process personal data in the course of their employment. An employee NDA should address these data protection obligations alongside commercial confidentiality obligations, including the employee's duty to process personal data only in accordance with the employer's instructions, to maintain the security of personal data, to report data breaches promptly, and to return or destroy personal data held on personal devices at the termination of employment.

The Protected Disclosures Act 2014 (as amended by the Protected Disclosures (Amendment) Act 2022) provides that any NDA provision that restricts protected disclosures is void. An employee NDA must therefore include an express whistleblower carve-out that preserves the employee's right to report wrongdoing to the employer's internal reporting channel, to a prescribed regulatory body, or (in limited circumstances) by public disclosure.

Employee NDAs must be carefully drafted to confirm that post-employment restrictions are reasonable in scope and duration. Irish courts will not enforce overly broad or indefinite restrictions that amount to an unreasonable restraint of trade. The NDA should clearly distinguish between trade secrets (warranting strong, long-lasting protection) and general confidential information (warranting protection for a reasonable defined period), and should tailor the obligations to the seniority and role of the employee.

From a practical risk management perspective, employers in Ireland should combine the employee NDA with appropriate information security policies, access controls, and regular training on the handling of confidential information. The Workplace Relations Commission (WRC) Code of Practice on the Right to Disconnect and the employer's general data protection obligations under the GDPR also interact with the employee NDA — particularly in relation to the use of personal devices for work purposes and the secure handling of work-related data after the employment ends. A thorough approach to confidentiality that combines a well-drafted NDA with practical security measures provides the employer with the strongest possible protection for their commercially sensitive information.

An Irish Employee NDA is needed whenever an employer wishes to formally protect confidential information and trade secrets that an employee will access, create, or handle during their employment. While the common law duty of fidelity provides some baseline protection, a written NDA provides significantly greater certainty, clarity, and enforceability, particularly in relation to post-employment obligations.

You need an Employee NDA when you are: hiring a new employee who will have access to commercially sensitive information such as customer lists, pricing strategies, financial data, product roadmaps, or business plans; employing a worker in a research, development, or technology role where they will create or work with proprietary intellectual property, source code, formulas, processes, or innovations; engaging an employee in a senior or managerial position who will be exposed to strategic business information, acquisition targets, or confidential negotiations; hiring an employee who will handle personal data subject to the GDPR, where additional confidentiality obligations are appropriate to confirm GDPR compliance and reduce the risk of data breaches; or establishing clear post-employment confidentiality obligations that go beyond the limited protection provided by the implied common law duty.

The Terms of Employment (Information) Acts 1994–2014 require employers to provide employees with a written statement of the core terms of employment within five days of commencement and a full written statement within two months. An NDA may form part of or be annexed to this written statement. Where an NDA imposes obligations beyond the employment period, separate consideration — such as a signing bonus, salary increase, or promotion — should be provided and documented where the NDA is entered into during rather than at the commencement of employment, to confirm contractual enforceability.

The employee NDA is typically signed at the commencement of employment, alongside the employment agreement. It may also be signed during employment when an employee takes on a new role with greater access to confidential information, is promoted to a senior position, or is assigned to work on a particularly sensitive project. Where the NDA is signed after the employment has commenced, consideration must be provided — such as a salary increase, bonus, or promotion — to confirm the NDA is contractually binding.

The NDA should be tailored to the specific types of confidential information the employee will access and the level of risk associated with the role. A generic or excessively broad NDA that attempts to protect all information the employee ever encounters during employment is likely to be challenged and may undermine the enforceability of the legitimate restrictions. The employer should take a targeted approach, identifying the specific categories of confidential information that represent genuine business value and focusing the NDA's protections on those categories.

Employers should also consider including an express obligation in the employee NDA to notify the employer promptly if the employee becomes aware of any unauthorised access to or disclosure of confidential information — whether accidental or deliberate. This notification obligation assists the employer in responding quickly to potential breaches and taking the necessary steps to mitigate any harm. The notification obligation also reinforces the employee's awareness of their confidentiality responsibilities and underlines the seriousness with which the employer treats the protection of its trade secrets and proprietary information. Where the employee becomes aware of a personal data breach involving the employer's data, immediate notification is also required under Article 33 of the GDPR, which requires breach notification to the Data Protection Commission within 72 hours of the employer becoming aware of the breach. The employee NDA should cross-reference the employer's data breach response procedures to confirm a coordinated and legally compliant response to any such incident.

Under the Employment Equality Acts 1998-2015, enforced by the Workplace Relations Commission (WRC), parties to this agreement retain rights under the Unfair Dismissals Acts 1977-2015 and the Organisation of Working Time Act 1997. Section 8 of the Unfair Dismissals Act 1977 grants the WRC adjudication officers jurisdiction to hear claims. The Data Protection Act 2018, implementing GDPR in Ireland, governs personal data processed under this agreement. Revenue Commissioners require PAYE/PRSI compliance for all employment arrangements.

A thorough Irish Employee NDA should contain several essential provisions tailored to the employment context and compliant with the applicable Irish and EU legislative framework.

The definition of confidential information should be thorough and cover all types of information the employer seeks to protect, including customer lists, supplier terms, pricing strategies, financial data, marketing plans, technical know-how, software code, research data, and any information marked as confidential. The definition should also cover information disclosed orally, provided it is identified as confidential at the time of disclosure, and should clearly distinguish between trade secrets (warranting indefinite protection) and other confidential information (warranting protection for a defined reasonable period).

The employee's obligations clause should require the employee to keep all confidential information secret during employment and for the specified post-employment period, to use it only for the purposes of performing their employment duties, not to disclose it to any third party without express written authorisation, and to take all reasonable steps to prevent unauthorised disclosure including complying with the employer's information security policies.

The post-employment obligations clause should specify the duration and scope of confidentiality obligations after the employment ends. Irish courts will enforce post-employment restrictions only if they are reasonable in scope and duration. A typical duration is two to five years for general confidential information and indefinite (or for as long as the information remains a trade secret) for trade secrets.

The trade secrets clause should reference the European Union (Protection of Trade Secrets) Regulations 2018 and confirm that information meeting the statutory definition of a trade secret receives enhanced protection, regardless of whether it was specifically identified or marked as a trade secret at the time of disclosure.

The protected disclosures carve-out is mandatory under the Protected Disclosures Act 2014. The clause must state clearly and unambiguously that nothing in the NDA restricts the employee's right to make a protected disclosure under the Protected Disclosures Act 2014 (as amended), including a disclosure to the employer's internal reporting channel, to a prescribed regulatory body, or (where appropriate) by public disclosure.

The data protection clause should address the employee's obligations regarding personal data processed during employment under the GDPR and the Data Protection Act 2018, including the duty to process personal data only in accordance with the employer's documented instructions, to maintain the confidentiality and security of personal data, to report suspected personal data breaches immediately, and to return or securely destroy personal data on personal devices at the end of employment.

The return of materials clause should require the employee to return all documents, devices, electronic files, and materials containing confidential information upon the termination of employment, and to certify in writing that all confidential information has been returned or destroyed and that no copies have been retained.

The remedies clause should acknowledge that breach may cause irreparable harm and that the employer is entitled to seek injunctive relief from the Irish High Court without the necessity of proving actual damage, in addition to damages and any other remedies available at law.

The governing law clause should confirm that Irish law applies and that the Irish courts have jurisdiction over any disputes arising under the NDA. The forms-legal.com Employee Non-Disclosure Agreement (Ireland) template covers the mandatory elements under Trade Secrets Directive (EU 2016/943, transposed).