2 minute read
1.1. National and regional Data Protection Authorities (DPAs
1.1. National and regional Data Protection
Authorities (DPAs)
Advertisement
National and regional Data Protection Authorities (DPAs), also known as supervisory authorities, are responsible for the monitoring and consistency of GDPR application. Each Member State has at least one supervisory authority.12 However, while France, Hungary and Italy have only one supervisory authority, Germany and Spain have regional authorities in addition to a central authority. This is a consequence of their federal or devolved constitutional structure. Consequently, competences are then split between central and regional authorities.
DPAs act as enforcers, ombudsmen, auditors, consultants to policy advisors, negotiators and educators.13 The latter role concerns raising public awareness and understanding of the risks, rules, safeguards and rights in relation to the processing of personal data. To this end, DPAs, individually or jointly (e.g. as the European Data Protection Board), issue authoritative guidance on GDPR concepts and provisions.
Some guidance has been addressed to SMEs specifically. Based on the information provided by the STAR II interviews with DPAs as well as desktop research of all EU DPA websites, it appears that slightly fewer than one-third of EU DPAs currently provide GDPR guidance that is specifically tailored to SMEs. Upon the last review, this included the DPAs from Belgium (Autorité de protection des données - Gegevensbeschermingsautoriteit),14 France
12 A list of European DPAs and their websites https://edpb.europa.eu/about-edpb/ board/members_en. 13 Bennett, C. and Raab, C., The Governance of Privacy: Policy Instruments in Global
Perspective, MIT Press (Cambridge MA & London 2003), 109-114. Barnard-Wills, D., Pauner Chulvi, C., and De Hert, P., ‘Data Protection Authority Perspectives on the Impact of Data Protection Reform on Cooperation in the EU’ (2016) 4 CL&SR 32, 587-98 https://doi.org/10.1016/j.clsr.2016.05.006. 14 Autorité de protection des données (APD) - Gegevensbeschermingsautoriteit (GBA), ‘RGPD Vade-Mecum Pour Les PME’ (2018) https://www.autoriteprotectiondonnees. be/publications/vade-mecum-pour-pme.pdf.
(Commission nationale de l’informatique et des libertés),15 Ireland (Data Protection Commission),16 Lithuania (Valstybinė duomenų apsaugos inspekcija),17 Slovenia (Informacijski pooblaščenec),18 Spain (Agencia Española de Protección de Datos),19 Sweden (Datainspektionen)20 and the UK (Information Commissioner’s Office).21 Some of these DPAs further distinguish guidance for micro-businesses.22
15 Commission Nationale de l’Informatique et des Libertés (CNIL), ‘Guide Pratique de Sensibiliation Au RGPD’ (2018) https://www.cnil.fr/sites/default/files/atoms/files/ bpi-cnil-rgpd_guide-tpe-pme.pdf. 16 An Coimisiúm um Chosaint Sonrai/The Data Protection Commission (DPC), ‘Guidance Note: GDPR Guidance for SMEs’ (2019) https://www.dataprotection.ie/ sites/default/files/uploads/2019-07/190708%20Guidance%20for%20SMEs.pdf. 17 Valstybinė duomenų apsaugos inspekcija (VDAI), ‘Rekomendacija Smulkiajam Ir Vidutiniam Verslui Dėl Bendrojo Duomenų Apsaugos Reglamento Taikymo’ (2018) https://vdai.lrv.lt/uploads/vdai/documents/files/Rekomend_SVV_BDAR_2018.pdf. 18 Informacijski pooblaščenec (IP), ‘Varstvo Osebnih Podatkov’ (2018) https://upravljavec.si. 19 Agencia Española de Protección de Datos (AEPD), ‘Facilita RGPD’ https://www.aepd.es/es/guias-y-herramientas/herramientas/facilita-rgpd. 20 Datainspektionen. ‘GDPR - Nya Dataskyddsregler’ www.verksamt.se/driva/gdpr-dataskyddsregler. 21 Information Commissioner’s Office ICO), ‘Data protection advice for small organisations’ https://ico.org.uk/for-organisations/data-protection-advice-for-small-organisations/. 22 DPC, ‘Guidance Note: Data Security Guidance for Microenterprises’ (2019) https://www.dataprotection.ie/sites/default/files/uploads/2019-07/190709%20
Data%20Security%20Guidance%20for%20Micro%20Enterprises.pdf. ICO, ‘How Well Do You Comply with Data Protection Law: An Assessment for Small Business Owners and Sole Traders’ (2019) https://ico.org.uk/for-organisations/business/assessment-for-small-business-ownersand-sole-traders/.
