DPAs on the Ground

As of May 25, 2020, the EU General Data Protection Regulation has been in force for two years. The GDPR provides that by this anniversary (and every four years thereafter), the European Commission must submit a report on the evaluation and review of the GDPR to the European Parliament and Council. To support the first mandated evaluation of the GDPR, the commission sent a questionnaire to data protection authorities to be completed by January 2020. The questions focus on the GDPR’s international transfers regime and its mechanisms to support cooperation and consistency across the European Union. The European Data Protection Board published an informative synthesis of DPA responses.

To understand DPAs’ work in practice, though, a closer look at DPAs’ separate circumstances and resources is needed. This piece focuses on the resources available to each DPA and its progress so far in addressing complaints, both individually and in coordination with other member-states. Additionally, it highlights the GDPR's impact on budget and staffing levels in relation to a country's GDP. Results from the questionnaire provide an illustrative snapshot into DPAs’ work “on the ground.”