Privacy & Data Protection reports

In the past months we have conducted extensive research into Data Protection Authorities (DPAs), which has resulted in a report series covering key topics such as Data Breach reporting, resources, guidance issued and enforcement actions taken.

Part five: Guidance issued

The fifth part of our report discusses guidance issued by DPAs. We have studied the form and content of the guidance published by seven DPAs, studying characteristics such as language, format and topics discussed. Our observation is that DPAs publish a lot of relevant guidance. However it does not always have the ideal form and content.



Data Protection Authorities (DPAs) are facing busy times. Whilst their primary task is to enforce the application of the GDPR and ensure compliance, the GDPR entrusts the DPAs with a number of additional tasks such as creating awareness and handling complaints. In addition to this, they will need to cooperate with organizations from time to time, for example when dealing with certain high-risk Data Protection Impact Assessments or when a personal data breach is reported.

Because of this crucial role of DPAs, it is important for organizations to not only identify which DPAs they may need to engage with in the future, but also develop knowledge on the characteristics of these DPAs. At Deloitte we understand these needs. We have therefore conducted extensive research into certain key characteristics of the DPAs. The research seeks to paint a detailed picture and provide you with a closer look at factors that may influence a DPA’s way of working.

Want to know more?

Learn more and download the other parts of the report series "Pricacy & Data Protection".

Part five: Guidance Issued
Hade du nytta av den här informationen?