{"generated":"2026-05-30T17:11:52.448Z","license":"CC BY 4.0","source":"https://eurocomply.app/data/dpa-directory.json","count":14,"data":[{"isoCode":"DE","countryName":"Germany","dpaName":"Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit","dpaShortName":"BfDI","dpaWebsite":"https://www.bfdi.bund.de","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#germany","description":"The Federal Commissioner for Data Protection and Freedom of Information (BfDI) is Germany's national data protection supervisory authority, responsible for overseeing GDPR compliance for federal public bodies and the telecoms sector. Germany also has 16 state-level DPAs (Landesdatenschutzbehörden) for private sector enforcement."},{"isoCode":"FR","countryName":"France","dpaName":"Commission nationale de l'informatique et des libertés","dpaShortName":"CNIL","dpaWebsite":"https://www.cnil.fr","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#france","description":"The CNIL (Commission Nationale de l'Informatique et des Libertés) is France's data protection authority. It is one of the most active DPAs in Europe, having issued major fines against Google, Meta, and Amazon. The CNIL also enforces cookie consent under ePrivacy rules."},{"isoCode":"IT","countryName":"Italy","dpaName":"Garante per la protezione dei dati personali","dpaShortName":"Garante","dpaWebsite":"https://www.garanteprivacy.it","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#italy","description":"Italy's Garante per la protezione dei dati personali (Garante) is among the most proactive GDPR enforcers in Europe, having temporarily blocked ChatGPT in 2023 and issued significant fines in the healthcare and AI sectors."},{"isoCode":"ES","countryName":"Spain","dpaName":"Agencia Española de Protección de Datos","dpaShortName":"AEPD","dpaWebsite":"https://www.aepd.es","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#spain","description":"The AEPD (Agencia Española de Protección de Datos) is Spain's data protection authority, known for its high volume of fines. The AEPD publishes detailed enforcement guidelines and has issued thousands of sanctions since GDPR entered into force in 2018."},{"isoCode":"NL","countryName":"Netherlands","dpaName":"Autoriteit Persoonsgegevens","dpaShortName":"AP","dpaWebsite":"https://www.autoriteitpersoonsgegevens.nl","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#netherlands","description":"The AP (Autoriteit Persoonsgegevens) is the Dutch data protection authority. The Netherlands is a major hub for EU headquarters of US tech companies, making the AP's enforcement actions particularly significant for organisations like Netflix, Uber, and TikTok."},{"isoCode":"BE","countryName":"Belgium","dpaName":"Autorité de protection des données / Gegevensbeschermingsautoriteit","dpaShortName":"APD/GBA","dpaWebsite":"https://www.dataprotectionauthority.be","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#belgium","description":"Belgium's data protection authority (APD/GBA) is notable for its work on the IAB TCF (Transparency and Consent Framework) case, which has set precedent for cookie consent frameworks across the EU. Brussels hosts many EU institutions, giving the Belgian DPA cross-border significance."},{"isoCode":"AT","countryName":"Austria","dpaName":"Österreichische Datenschutzbehörde","dpaShortName":"DSB","dpaWebsite":"https://www.dsb.gv.at","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#austria","description":"Austria's Datenschutzbehörde (DSB) gained prominence through NOYB's complaints about Google Analytics and Facebook, leading to landmark decisions on cross-border data transfers under the GDPR."},{"isoCode":"PT","countryName":"Portugal","dpaName":"Comissão Nacional de Proteção de Dados","dpaShortName":"CNPD","dpaWebsite":"https://www.cnpd.pt","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#portugal","description":"Portugal's CNPD (Comissão Nacional de Proteção de Dados) is responsible for enforcing data protection law in Portugal. It has issued significant fines in the healthcare sector and against financial institutions."},{"isoCode":"IE","countryName":"Ireland","dpaName":"Data Protection Commission","dpaShortName":"DPC","dpaWebsite":"https://www.dataprotection.ie","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#ireland","description":"Ireland's Data Protection Commission (DPC) is the lead supervisory authority for many of the world's largest technology companies, including Meta (Facebook, WhatsApp, Instagram), Google, Apple, Twitter/X, LinkedIn, and TikTok — all of which have their EU headquarters in Ireland. The DPC has issued the largest GDPR fines in history."},{"isoCode":"SE","countryName":"Sweden","dpaName":"Integritetsskyddsmyndigheten","dpaShortName":"IMY","dpaWebsite":"https://www.imy.se","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#sweden","description":"Sweden's IMY (Integritetsskyddsmyndigheten) enforces data protection law in Sweden. IMY has been notable for its Google Analytics enforcement orders requiring Swedish organisations to cease transferring analytics data to the US."},{"isoCode":"DK","countryName":"Denmark","dpaName":"Datatilsynet","dpaShortName":"Datatilsynet DK","dpaWebsite":"https://www.datatilsynet.dk","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#denmark","description":"Denmark's Datatilsynet is the national data protection authority. It handles GDPR complaints, conducts investigations into public and private sector data processing, and has issued notable sanctions in the education and employment sectors."},{"isoCode":"FI","countryName":"Finland","dpaName":"Tietosuojavaltuutetun toimisto","dpaShortName":"TSV","dpaWebsite":"https://tietosuoja.fi","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#finland","description":"Finland's Office of the Data Protection Ombudsman (TSV) is responsible for GDPR enforcement. Finland has a well-developed digital public sector, making healthcare and government data processing key areas of DPA focus."},{"isoCode":"PL","countryName":"Poland","dpaName":"Urząd Ochrony Danych Osobowych","dpaShortName":"UODO","dpaWebsite":"https://uodo.gov.pl","edpbUrl":"https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#poland","description":"Poland's UODO (Urząd Ochrony Danych Osobowych) is one of the largest DPAs by population served. It has been active in enforcing requirements for data breach notifications and has issued fines in financial services and e-commerce."},{"isoCode":"EU","countryName":"European Union","dpaName":"European Data Protection Board","dpaShortName":"EDPB","dpaWebsite":"https://www.edpb.europa.eu","edpbUrl":"https://www.edpb.europa.eu","description":"The European Data Protection Board (EDPB) is the independent EU body that ensures the consistent application of GDPR across all EU Member States. It issues binding decisions in cross-border cases, guidelines, recommendations, and opinions on GDPR interpretation."}]}