EU and EEA data protection supervisory authorities
EU and EEA data protection supervisory authorities

The following Information Law guidance note provides comprehensive and up to date legal information covering:

  • EU and EEA data protection supervisory authorities
  • The EDPB
  • EDPS
  • EU national supervisory authorities
  • German Länder supervisory authorities
  • Other EAA national supervisory authorities
  • The UK supervisory authority

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

A key objective of the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) is to achieve a level of consistency in relation to how data protection is implemented and enforced across the EU and EEA.

Under the GDPR, each Member State can specify one or more independent public authorities to be responsible for monitoring the application of the GDPR, ie a ‘supervisory authority’. This Practice Note:

  1. introduces the European Data Protection Board (EDPB)

  2. introduces the European Data Protection Supervisor (EDPS)

  3. provides a consolidated lists of supervisory authorities in the EU and EEA

  4. provides links to guidance on the UK’s equivalent supervisory authority

For guidance