- This initiative is launched in the framework of the European Data Protection Board and aims to assess the position of DPOs in their organisations.
- The Spanish Data Protection Agency will analyse the practices of more than 30,000 public and private sector entities
15 March 2023 - The Spanish Data Protection Agency (AEPD) participates in a coordinated European action to analyse the designation and position of data protection delegates (DPDs) in public and private entities, within the framework of coordinated actions of the European Data Protection Board (EDPB) planned in 2023.
The figure of the Data Protection Officer plays a key intermediary role between Supervisory Authorities, citizens and organisations, and plays a key role in contributing to compliance with data protection regulations and to promoting effective protection of the rights of data subjects.
Therefore, the objective of this preventive action — involving the 27 Data Protection Authorities of the European Union, as well as those of Iceland, Liechtenstein and Norway — is assessing whether the position of DPOs within their organisations complies with the requirements of the General Data Protection Regulation.
The AEPD will analyse the practices of more than 30,000 public and private sector entities. For private sector entities, the questionnaire will take into account different sectors of activity: education, banking and financial institutions, health, energy sector, security, telecommunications services, equity and credit solvency, and activities related to gambling and betting. The participating authorities shall submit a questionnaire that includes questions related, inter alia, to the designation, knowledge and experience of the DPOs, their tasks and resources or their role and position in their respective organisations.
The results of this action will be analysed in a coordinated manner and the Authorities may decide on possible additional supervisory and implementation actions in their respective countries. In addition, the results will be aggregated, generating a broader view and allowing specific monitoring in the field of the European Economic Area. Finally, the Committee will publish a report on the outcome of this analysis once the actions have been completed.
This initiative is part of the Committee’s Coordinated Enforcement Framework (CEF), which follows the one carried out in 2022 that analysed the use of cloud services by the public sector.
For further information: