Data protection authority / data protection supervisory authority

Each EU member state has at least one independent data protection supervisory authority to monitor compliance with the General Data Protection Regulation. In Germany, there is one authority in each federal state as well as another authority at federal level, the Federal Commissioner for Data Protection and Freedom of Information.

In the German federal states, it is the task of the state data protection commissioners to advise consumers, companies and authorities on data protection issues, to monitor compliance with data protection regulations, to detect and punish data protection violations and to supervise state authorities with regard to data protection issues.

With the General Data Protection Regulation, consumers have a right to file a complaint with a data protection authority, if they suspect that privacy violations have occurred. So if a company does not respond adequately to the inquiries of data subjects, the consumers have the option of contacting a supervisory authority free of charge. It is left to the consumers which authority they contact: It no longer has to be the authority in the member state in which the potentially offending company is registered.

The status of data protection authorities was considerably expanded and strengthened in the General Data Protection Regulation. While supervisory authorities have existed in Germany for decades, they were long absent in other EU countries or had only weak powers. Now there is a network of European authorities exchanging views on data protection and working together in the newly established European Data Protection Board. In addition, for the first time, authorities have the possibility of imposing high Fines for systematic data protection violations.

Source: The tasks and responsibilities of data protection authorities are laid down in chapter 6 (articles 51 to 59) of Regulation (EU) 2016/679.

Go to article Go to video Go to list of data protection authorities