The European Data Protection Board (EDPB) recently issued a document entitled “Overview of the resources made available to data protection authorities by Member States and on enforcement actions by data protection authorities”.
This study was prepared at the request of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee) and includes certain statistics on financial and human resources provided by EU Member States and the European Economic Area (EEA) to national supervision authorities as well as information regarding the related supervision and control activity.
The document also emphasizes that the protection of personal data is a fundamental right in the EU, which requires solid supervision, which can only exist if supervisors are adequately equipped with staff and resources to monitor the compliance with GDPR.
Furthermore, the Committee emphasizes that, in order to keep pace with the rapid pace of technological developments and digitization, surveillance should be carried out on a sustained basis, which is why supervisors need to have the means and expertise to do so.
At the same time, the Committee points out that due to the cooperation and coherence mechanism established in the GDPR, the supervisory authorities have become interdependent, and the effective application of this mechanism requires, among other things, that all supervisory authorities and EDPBs be properly equipped, whereas the lack of resources in a national supervisory authority competent to handle cross-border cases may have consequences for respect for the rights of citizens across the EU.
At the same time, the document notes that, in addition to resolving complaints and conducting investigations, the GDPR provides for the supervisory authorities a multitude of other tasks and tools to promote and monitor compliance, which contribute in equal proportions to the protection of the fundamental right to protection of data in the EU. These include, but are not limited to, assessing the impact on data protection, evaluating codes of conduct, issuing certification and accreditation tools, evaluating BCRs and, of course, contributing to EDPB’s work to ensure consistent application and interpretation of GDPR across the Union. In this regard, the Committee emphasizes that for all these tasks and instruments, the appropriate staffing of supervisors is of significant importance.