Sufficient resources for data protection authorities necessary for effective GDPR implementation

Source: S.H. (Sophie) in 't Veld i, published on Tuesday, April 17 2018.

Today Sophie in 't Veld submitted a written question to the European Commission about the still insufficient resources for the data protection authorities in Member States:

The entry into force of the General Data Protection Regulation on 25 May 2018 will endow the data protection authorities (DPAs) with additional tasks and powers for the enforcement of the GDPR. This requires adequate financial, human, and technical resources, to be provided by the Member States.[1] However, it appears that in some Member States, such as the Netherlands and France, the DPAs consider that the resources are not yet sufficiently adapted to deal with their new tasks.[2]

  • Can the Commission provide an overview of the necessary budget of the 28 DPAs for effective GDPR implementation?
  • What is the impact on European data protection if multiple Member States provide their DPAs with insufficient financial, human, and technical resources, with the result that these cannot effectively perform their tasks, exercise their powers, and be absolutely independent, and therefore constitute a weak link in mutual assistance and cooperation between the DPAs throughout the Union?
  • Will the Commission start infringement procedures against Member States that have not provided enough resources to their DPA and therefore cannot fully give the adequate data protection to their citizens that the GDPR offers on paper?

[1] GDPR art. 52.4

[2] https://m.nextinpact.com/news/106031-rgpd-cnil-veut-rassurer-pme-mais-sinquiete-ses-moyens.htm

https://www.nu.nl/internet/4929314/jaarlijks-7-miljoen-euro-extra-privacywaakhond-ap.html