Thursday

20th Sep 2018

Focus

Are EU data watchdogs staffed for GDPR?

  • The GDPR (general data protection regulation) comes into force on May 25 (Photo: Tirza van Dijk)

European data protection authorities are conducting profoundly different recruitment policies to enforce the EU's upcoming new privacy rules.

While data watchdogs in some EU countries are doubling their staff, others are not planning any new recruitment at all – even though EU citizens are getting a range of new rights under the general data protection regulation (GDPR) that will be enforced as of Friday (25 May).

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

  • EU data commissioner Vera Jourova (l) meeting with the president of the French data protection authority, Isabelle Falque-Pierrotin, in 2016. Jourova has explicitly stated: 'We want the DPAs to be well equipped for the job' (Photo: European Commission)

Vera Jourova, the EU justice commissioner, told reporters last week she is worried understaffed data protection authorities (DPAs) may make the task all the more difficult.

"We want the DPAs to be well equipped for the job, not only for sanctioning but also for consulting, for advising and I don't like to see the DPAs being in trouble," she said.

The number of staff currently working in Europe's DPAs vary significantly, from 11 in Malta to 565 in the United Kingdom (528.5 in full time equivalent, a comparison method takes into account that staff sometimes work part time).

For the EU's two largest member states, Germany and France, it is not yet clear if the DPAs will see a staff increase, as they depend on the government's willingness to increase their budgets.

Germany's Federal Commissioner for Data Protection and Freedom of Information had a staff of 160.5 full time equivalent (fte) in 2017, according to a spokesman.

He noted the German DPAs staff had been consistently increasing in the past years, from 90 fte in 2015, and 110.5 fte in 2016.

The spokesman said the German authority has asked for additional staff, but that the final increase will depend on the outcome of budget negotiations.

"Please understand that I cannot give you a specific number at this point," he added.

His colleague at the French DPA, which is known under its French acronym Cnil, had a similar message.

"Cnil asked for some additional fte because of the GDPR but the discussions on these financial issues are still ongoing," said a spokeswoman.

Cnil currently has a staff of 199 fte.

Some DPAs told EUobserver that they were planning substantial increases in their staff.

The Dutch DPA had already increased staff from 76 to 112.8 fte, and it expected to increase further, according to a spokeswoman.

She said the Dutch ministry of justice and security has approved a scenario of the DPA's staff growing to 185 fte.

However, while the ministry did approve some increase in the DPA's budget, that was not enough to cover all the new hires, said the Dutch spokeswoman.

"To properly do our job, we are going to have to receive additional budget," she noted.

Meanwhile, their neighbours to the south are planning a much more modest increase.

Belgium's DPA has a staff of 54.63 fte, and has permission to hire two additional information security advisers, according to a spokeswoman.

It is still waiting for permission to hire an additional four fte in 2018, another two in 2019, and two more in 2020.

The DPA in Austria said it was increasing staff with eight people, the one in Bulgaria with 18, the one in Croatia with four.

Estonia: 18 is enough

However, the Czech Republic's watchdog – which already employs 100 – said that it had no plans for additional hires. Neither did Estonia's, which has been working with a staff of 18 for the past four years.

A spokesman for Greece's data authority told EUobserver that in addition to its staff of 44, it was planning to hire 20 employees in the coming months.

"Please note, however, that the actual number of the active workforce at the Hellenic DPA is much smaller, due to the fact that some employees are seconded or on maternity leave or even on an unpaid leave," he noted.

Denmark's DPA did not respond to EUobserver's questions, but the Brussels-based European Data Protection Board (EDPB) said that it had been told the Danish watchdog will increase its number of staff from 20 in August 2015 to 55 by the end of 2018.

The GDPR was politically agreed in December 2015, and formally adopted April 2016.

The European Data Journalism Network (EDJNet) is a new platform for data-driven news on European affairs brought to you in up to 12 languages by a consortium of media and data journalists from all over Europe, which includes EUobserver.

For the graphic, note that some gave staff numbers in fte (full-time equivalent), and others in total number of people. DPAs did not always respond to EUobserver's questions, or gave figures for number of employees instead of fte – making it more difficult to compare because some jobs may be part time. Moreover, the figures only provide for a general insight. They do not say anything about the efficiency with which people work, and how many people are involved in management and administrative tasks compared to those that are tasked with enforcement of privacy rules.

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Austria accused of undermining new EU data law

Most EU states have yet to pass the national laws needed to equip authorities with the resources to enforce the upcoming EU general data protection regulation. Austria, previously deemed a leader for high data standards, appears increasingly wary.

26 EU states not ready for data law

The European Commission on Wednesday said only Austria and Germany have passed the relevant draft laws needed to ensure the launch of the EU's general data protection regulation on 25 May:

New EU fines will apply to 'old' data breaches

On 25 May, a new general data protection regulation will apply. Data breaches that happened before that date, but were covered up, can be fined under the new regulation.

Opinion

Europe's tech race - trying to keep pace with US and China

There is not a single European company among the world's top 10 computer hardware companies. Within the EU, Germany and Sweden rank among world leaders, but Bulgaria and Slovakia among the worst-performing developed nations.

News in Brief

  1. EU-Arab League summit proposed for February in Egypt
  2. Stop 'migration blame-game', Tusk tells EU leaders
  3. McDonald's Luxembourg tax deal 'compatible' with EU rules
  4. Danish bank CEO resigns in Russia scandal
  5. Germany seeks to join EU's eastern energy club
  6. UK universities top EU in Chinese ranking
  7. Poland seeks 'Fort Trump' US military base
  8. EU stops Irish case after Apple pays €13bn

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Stakeholders' Highlights

  1. NORDIC COUNCIL OF MINISTERSThe Nordic gender effect goes international
  2. NORDIC COUNCIL OF MINISTERSPaula Lehtomaki from Finland elected as the Council's first female Secretary General
  3. NORDIC COUNCIL OF MINISTERSNordic design sets the stage at COP24, running a competition for sustainable chairs.
  4. Counter BalanceIn Kenya, a motorway funded by the European Investment Bank runs over roadside dwellers
  5. ACCACompany Law Package: Making the Best of Digital and Cross Border Mobility,
  6. IPHRCivil Society Worried About Shortcomings in EU-Kyrgyzstan Human Rights Dialogue
  7. UNESDAThe European Soft Drinks Industry Supports over 1.7 Million Jobs
  8. Mission of China to the EUJointly Building Belt and Road Initiative Leads to a Better Future for All
  9. IPHRCivil society asks PACE to appoint Rapporteur to probe issue of political prisoners in Azerbaijan
  10. ACCASocial Mobility – How Can We Increase Opportunities Through Training and Education?
  11. Nordic Council of MinistersEnergy Solutions for a Greener Tomorrow
  12. UNICEFWhat Kind of Europe Do Children Want? Unicef & Eurochild Launch Survey on the Europe Kids Want

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic Countries Take a Stand for Climate-Smart Energy Solutions
  2. Mission of China to the EUChina: Work Together for a Better Globalisation
  3. Nordic Council of MinistersNordics Could Be First Carbon-Negative Region in World
  4. European Federation of Allergy and AirwaysLife Is Possible for Patients with Severe Asthma
  5. PKEE - Polish Energy AssociationCommon-Sense Approach Needed for EU Energy Reform
  6. Nordic Council of MinistersNordic Region to Lead in Developing and Rolling Out 5G Network
  7. Mission of China to the EUChina-EU Economic and Trade Relations Enjoy a Bright Future
  8. ACCAEmpowering Businesses to Engage with Sustainable Finance and the SDGs
  9. Nordic Council of MinistersCooperation in Nordic Electricity Market Considered World Class Model
  10. FIFAGreen Stadiums at the 2018 Fifa World Cup
  11. Mission of China to the EUChina and EU Work Together to Promote Sustainable Development
  12. Counter BalanceEuropean Ombudsman Requests More Lending Transparency from European Investment Bank

Join EUobserver

Support quality EU news

Join us