Mervinskiy 495

Page 26

1.1. National and regional Data Protection Authorities (DPAs) National and regional Data Protection Authorities (DPAs), also known as supervisory authorities, are responsible for the monitoring and consistency of GDPR application. Each Member State has at least one supervisory authority.12 However, while France, Hungary and Italy have only one supervisory authority, Germany and Spain have regional authorities in addition to a central authority. This is a consequence of their federal or devolved constitutional structure. Consequently, competences are then split between central and regional authorities. DPAs act as enforcers, ombudsmen, auditors, consultants to policy

1. Navigating support

advisors, negotiators and educators.13 The latter role concerns raising public awareness and understanding of the risks, rules, safeguards and rights in relation to the processing of personal data. To this end, DPAs, individually or jointly (e.g. as the European Data Protection Board), issue authoritative guidance on GDPR concepts and provisions. Some guidance has been addressed to SMEs specifically. Based on the information provided by the STAR II interviews with DPAs as well as desktop research of all EU DPA websites, it appears that slightly fewer than one-third of EU DPAs currently provide GDPR guidance that is specifically tailored to SMEs. Upon the last review, this included the DPAs from Belgium (Autorité de protection des données - Gegevensbeschermingsautoriteit),14 France

24

12

A list of European DPAs and their websites https://edpb.europa.eu/about-edpb/ board/members_en.

13

Bennett, C. and Raab, C., The Governance of Privacy: Policy Instruments in Global Perspective, MIT Press (Cambridge MA & London 2003), 109-114. Barnard-Wills, D., Pauner Chulvi, C., and De Hert, P., ‘Data Protection Authority Perspectives on the Impact of Data Protection Reform on Cooperation in the EU’ (2016) 4 CL&SR 32, 587-98 https://doi.org/10.1016/j.clsr.2016.05.006.

14

Autorité de protection des données (APD) - Gegevensbeschermingsautoriteit (GBA), ‘RGPD Vade-Mecum Pour Les PME’ (2018) https://www.autoriteprotectiondonnees. be/publications/vade-mecum-pour-pme.pdf.

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

4.2. When and what monitoring activities are permissible?

12min
pages 156-174

3.7. A risk-based approach in practice

1hr
pages 99-153

the personal data of employees?

2min
pages 154-155

3.6. How can a risk-based approach benefit SMEs?

1min
page 98

in the GDPR?

1min
page 97

2.6. The obligation to appoint a Data Protection Officer (DPO

22min
pages 77-96

2.5. What are the data subjects’ rights?

13min
pages 64-76

operations?

8min
pages 43-50

processing?

11min
pages 53-63

2.1. What is personal data and its processing?

10min
pages 33-42

of personal data?

2min
pages 51-52

1.6. The EU funded initiatives

1min
page 31

1.3. The European Data Protection Supervisor (EDPS

1min
page 29

1.7. The International Association of Privacy Professionals (IAPP

0
page 32

Acknowledgements

1min
page 11

Liability and legal disclaimer

1min
page 12

Background

1min
page 19

1.2. The European Data Protection Board (EDPB

1min
page 28

Structure

3min
pages 20-21

1.1. National and regional Data Protection Authorities (DPAs

2min
pages 26-27

Method

1min
page 22

List of abbreviations

4min
pages 13-18
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.