No. The EDPB does not handle complaints or conduct investigations. If you believe your data protection rights have been violated you can contact the organisation holding your data, contact your national data protection authority (DPA), or go to a national court.
De AVG of de algemene verordening gegevensbescherming stelt een geharmoniseerde reeks regels vast die van toepassing zijn op alle verwerking van persoonsgegevens door (publieke of particuliere) organisaties, ongeacht hun omvang, gevestigd in de Europese Economische Ruimte (EER) of gericht zijn op personen in de EU. Het primaire doel van de AVG is ervoor te zorgen dat persoonsgegevens overal in de EER dezelfde hoge beschermingsstandaard genieten, de rechtszekerheid voor zowel personen als organisaties die gegevens verwerken, te vergroten en een hoge mate van bescherming voor individuen te bieden.
De verordening is op 24 mei 2016 in werking getreden en is van toepassing sinds 25 mei 2018.
Where can I find documents that were adopted during a recent/the latest EDPB plenary?
All documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.
Once published, recently adopted documents will be listed under “latest publications” on the main page of this website.
You can also find overviews of the documents adopted per plenary on the EDPB news page.
Who are the members of the Board?
The EDPB brings together the EU DPAs and the European Data Protection Supervisor (EDPS). The EEA EFTA countries (Iceland, Liechtenstein and Norway) are also members with regard to GDPR-related matters and without the rights to vote and to be elected as chair or deputy chair. The European Commission and - with regard to GDPR-related matters - the EFTA Surveillance Authority have the right to participate in the activities and meetings of the Board without voting rights.
Can a Data Protection Authority (DPA) challenge an Art. 65 GDPR decision by the EDPB?
As addressees of the EDPB decisions, the relevant Data Protection Authorities (DPAs) that wish to challenge these decisions can bring an action for annulment before the European Court of Justice (CJEU) within two months of being notified.
How does cross-border cooperation work under the GDPR?
The General Data Protection Regulation (GDPR) requires the Data Protection Authority (DPA) of the European Economic Area (EEA) to cooperate closely - under the umbrella of the European Data Protection Board (EDPB) - to ensure the consistent application of the GDPR and the protection of individuals’ data protection rights across the EEA. One of their tasks is to coordinate decision-making in cross-border data processing cases. A processing is cross-border when:
data processing takes place in more than one country;
or it substantially affects or it is likely to substantially affect individuals in more than one country.
Under the so-called one-stop-shop mechanism Art. 60 GDPR, the Lead Supervisory Authority (LSA) acts as the main point of contact for the controller or processor for a given processing, while the Concerned Supervisory Authorities (CSAs) act as the main point of contact for individuals in the territory of their Member State. The LSA is the authority in charge of leading the cooperation process. It will share relevant information with the CSAs, carry out the investigations, prepare the draft decision relating to the case, and cooperate with the other CSAs in an endeavour to reach consensus on this draft decision.
I have received a communication from someone claiming to be working for the EDPB informing me that I am not in compliance with the GDPR, is this something the EDPB does?
Please note that the EDPB does not contact individuals, via phone or other means of communication, to inform them of such matters.
Therefore, it could be that the call you received represents a phishing attack targeting you abusing our name.
I submitted feedback to a public consultation, but I cannot see my comments on the public consultation page. How do I know that my feedback was received by the EDPB?
All comments submitted are screened and reviewed manually before being displayed on our website. There should have been a visual confirmation after submitting your comments on our website.
In any case, please allow for some time before your comments are published.
I think my data protection rights have been violated, what can I do?
If you believe your data protection rights have been violated you can contact the organisation holding your data, contact your national data protection authority (DPA), or go to a national court.
DPAs can conduct investigations and impose sanctions where necessary. You can find the contact details for all EEA DPAs here.
I wish to lodge a complaint with a data protection authority (DPA), which authority should I contact?
Under the GDPR, you have the right to lodge a complaint with the Data Protection Authority (DPA) in the country of:
your habitual residence;
your place of work; or
the place where the alleged infringement took place.