European Data Protection Supervisor

Established in 2004 and based in Brussels, the European Data Protection Supervisor (EDPS) is the European Union’s (EU) independent data protection supervisory authority. Its main tasks are:

to monitor the processing of personal data by EU institutions and bodies; and
to assess whether EU policymaking or proposed legislation has data protection or privacy implications.

The EDPS is appointed for a once-renewable 5-year term of office. The holder of the post is required to:

act with complete independence;
treat all confidential information with professional secrecy;
monitor how EU institutions, bodies, offices and agencies apply the legislation;
promote public understanding and awareness of the processing of personal data;
handle complaints and conduct investigations;
warn and sanction data controllers (natural or legal persons, a public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data);
refer issues to the Court of Justice of the European Union, which handles any disputes over the legislation;
submit an annual report to the European Parliament, the Council of the European Union and the European Commission;
cooperate with national data protection supervisory authorities.

The EDPS is supported by a cabinet which provides assistance and advice and organises the daily work.

Chapter VI of Regulation (EU) 2018/1725 on transfers of personal data by EU institutions and bodies describes the duties and powers of the EDPS.

Article 8 of the Charter of Fundamental Rights states that everyone has the right to personal data protection. Article 16 of the Treaty on the Functioning of the European Union further develops that right and is the legal basis for all EU legislation on data protection.