These are the institutional bodies in charge of providing your organization with advice and clarifications, as well as to apply the fines, if this is the case:
The European Data Protection Supervisor (EDPS)
EDPS was formed in 2004 and is the independent supervisory body at the European Union level. In 2014, the European Parliament and EU Council appointed the Supervisor and Assistant supervisor.
The purpose of the EDPS is to:
Its area of authority is on:
In the situation of a dispute, where a decision is to be offered, EDPS’ voting powers are restricted to the situation when the case principles are applicable to European Union Institutions. In the case of cross-border processing activities, another supervisory body comes into picture.
The European Data Protection Board (EDPB)
Member states will have an obligation to establish a supervisory authority at a national level, together with mechanisms aimed at creating consistency in applying the GDPR across the Union. In cross- border cases, though, there is only one supervisory decision taken, and this principle is called the one stop shop. According to this principle, an organization with subsidiaries in more than one member state only has to deal with the data protection authority in the state where its headquarter is located.
The EDPB will consist of representatives of all the national supervisory authorities’ representatives. It is a European Union body with legal personality and extended powers and has the purpose of solving disputes between national authorities, provide European Union certification and codes of conduct, as well as to offer guidance.