Data Protection Authorities (DPAs) are independent public authorities that monitor and enforce data protection laws. They have a role in protecting the personal data of individuals in the European Union (EU).
The GDPR defines Data Protection Authorities as “a public authority or a body established by law, vested with specific tasks, which is empowered to monitor the application of personal data protection rules.”
DPAs are not a single organization but rather a network of individual organizations.
Each EU Member State has its own DPA and there are currently more than 40 DPAs across the EU, including:
- the UK Information Commissioner's Office (ICO)
- the Irish Data Protection Commissioner (DPC)
- the French Commission Nationale de l'Informatique et des Libertés (CNIL)
- the German Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)