Useful resources for complying with EU GDPR

Article 29 Working Party Guidelines:

• Guidelines on the application and setting of administrative fines
• Guidelines on Data Protection Impact Assessment (DPIA)
• Guidelines on the Lead Supervisory Authority
• Guidelines on the right to “data portability”

Links to national data protection authorities in the European Union:

• • Austria – Austrian Data Protection Authority (German: Österreichische Datenschutzbehörde)
  • Belgium – Commission for the protection of privacy (Dutch: Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL), French: Commission de la protection de la vie privée (CPVP))
  • Bulgaria – Bulgarian data protection authority (Bulgarian: Комисия за защита на личните данни)
  • Croatia – Croatian Personal Data Protection Agency (Croatian: Agencija za zaštitu osobnih podataka (AZOP))
  • Cyprus – Commissioner for Personal Data Protection (Greek: Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα)
  • Czech Republic – The Office for Personal Data Protection (Czech: Úřad pro ochranu osobních údajů (ÚOOÚ))
  • Denmark – Danish Data Protection Agency (Danish: Datatilsynet)
  • Estonia – Estonian Data Protection Inspectorate (Estonian: Andmekaitse Inspektsioon)
  • Finland – Office of the Data Protection Ombudsman (Finnish: Tietosuojavaltuutetun toimisto)
  • France – National Commission on Informatics and Liberty (French: Commission nationale de l’informatique et des libertés), also known as CNIL
  • Germany – Federal Commissioner for Data Protection and Freedom of Information (German: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI))
  • Greece – Hellenic Data Protection Authority (Greek: Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), also known as HDPA
  • Hungary – Data Protection Commissioner of Hungary (Hungarian: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH))
  • Ireland – Data Protection Commissioner (Irish: An Coimisinéir Cosanta Sonraí), also known as DPC
  • Italy – Italian Data Protection Authority (Italian: Garante per la Protezione dei Dati Personali), also known as Italian DPA
  • Latvia – Data State Inspectorate (Latvian: Datu valsts inspekcija, Russian: Государственная инспекция данных)
  • Lithuania – State Data Protection Inspectorate (Lithuanian: Valstybinė duomenų apsaugos inspekcija (VDAI))
  • Luxembourg – National Commission for Data Protection (German: Nationale Kommission für den Datenschutz, French: Commission nationale pour la protection des données), also known as CNPD

• Malta – Information and Data Protection Commissioner, also known as IDPC
• Netherlands – Dutch Data Protection Authority (Dutch: Autoriteit Persoonsgegevens (AP)), also known as Dutch DPA
• Poland – The Bureu of the Inspector General for the Protection of Personal Data (Polish: Generalny Inspektor Ochrony Danych Osobowych (GIODO))
• Portugal – National Commission for Data Protection (Portuguese: Comissão Nacional de Protecção de Dados (CNPD)), also known as NCDP
• Romania – The National Supervisory Authority for Personal Data Processing (Romanian: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal), also known as ANSPDCP
• Slovakia – Office for Personal Data Protection of the Slovak Republic (Slovak: Úrad na ochranu osobných údajov Slovenskej republiky)
• Slovenia – Information Commissioner of the Republic of Slovenia (Slovene: Republika Slovenija Informacijski pooblaščenec)
• Spain – Spanish Agency of data protection (Spanish: Agencia Española de Protección de Datos (AEPD))
• Sweden – Swedish Data Protection Authority (Swedish: Datainspektionen), also known as Swedish DPA
• United Kingdom – Information Commissioner’s Office, also known as ICO

Links to national data protection authorities outside of the European Union:

• Australia – The Office of the Australian Information Commissioner
• Canada – Privacy Commissioner of Canada (French: Commissariat à la protection de la vie privée du Canada)
• Guernsey – Office of the Data Protection Commissioner
• Hong Kong – Privacy Commissioner for Personal Data
• Iceland – Icelandic Data Protection Agency (Icelandic: Persónuvernd)
• Isle of Man – Information Commissioner
• Israel – Privacy Protection Authority (PPA)
• Liechtenstein – Data Protection Office (German: Datenschutzstelle)
• Macedonia – Directorate for Personal Data Protection (Macedonian: Дирекција за заштита на лични податоци)
• Montenegro – Agency for Protection of Personal Data (Montenegrin: Агенција за Заштиту Личних Података)
• New Zealand – Privacy Commissioner
• Norway – Norwegian Data Protection Authority (Norwegian: Datatilsynet)
• Serbia – Commissioner for Information of Public Importance and Personal Data Protection (Serbian: Повереник за информације од јавног значаја и заштиту података о личности)
• Switzerland – Federal Data Protection and Information Commissioner (in German: Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB), in French: Préposé fédéral à la protection des données et à la transparence (PFPDT), in Italian: Incaricato federale della protezione dei dati e della trasparenza (IFPDT)), also known as FDPIC
• United States of America – Federal Trade Commission

To implement EU GDPR easily and efficiently, use our EU GDPR Premium Documentation Toolkit that provides step-by-step guidance and all documents for full EU GDPR compliance.