1. EUROPEAN
DATA
PROTECTION
SUPERVISOR
The EU’s independent data
protection authority
The EDPS Supervision and
Enforcement Unit (S&E)
Thomas ZERDICK, LL.M.
Head of Unit of S&E
thomas.zerdick@edps.europa.eu
19 September 2023

2. What the EDPS does
2

3. Regulation (EU) 2018/1725 [EDPR]
Chapter I General Provisions Regulation (EU) 2016/679 [GDPR]
Chapter II General Principles Regulation (EU) 2016/679 [GDPR]
Chapter III Rights of the Data Subject Regulation (EU) 2016/679 [GDPR]
Chapter IV Controller and Processor
Section 2 Security of personal data (Art. 33-35)
Section 3 Confidentiality of electronic communications
Regulation (EU) 2016/679 [GDPR]
Section 2 Security of personal data (Art. 32-34)
Directive 2002/58/EC [e-Privacy]*
Chapter V Transfers of personal data to third countries or
international organisations
Regulation (EU) 2016/679 [GDPR]
Chapter VI European Data Protection Supervisor Regulation (EU) 2016/679 [GDPR]
Chapter VII Cooperation and Consistency Regulation (EU) 2016/679 [GDPR]
Chapter VIII Remedies, Liability And Penalties Regulation (EU) 2016/679 [GDPR]
Chapter IX Processing of operational personal data by Union
bodies, offices and agencies when carrying out activities
which fall within the scope of Chapter 4 or Chapter 5 of
Title V of Part Three TFEU
Personal data breaches (Art. 92+93)
Data Protection Directive (EU) 2016/680
for Police and Law enforcement [LED]
Chapter X Implementing Acts Regulation (EU) 2016/679 [GDPR]
Chapter XI Review Regulation (EU) 2016/679 [GDPR]
Chapter XII Final provisions Regulation (EU) 2016/679 [GDPR]

4. 4

5. 5
S&E
Enforcement
Data Protection
culture
Supervision

6. What the S&E does
6
ADVISE
advise data
subjects,
controllers,
consultations on
administrative
measures and
internal rules,
issue own
initiative opinions,
awareness raising;
INVESTIGATE
investigations,
audits, obtain
access to
premises, order
controller to give
information;
CORRECT
issue warnings,
reprimands, refer
matter to the
European
Parliament, order
rectification or
erasure; impose
administrative
fines;
REFER
matters to the
Court of Justice of
the EU and
INTERVENE;
COOPERATE
with national
supervisory
authorities.

7. 7
Investigative
powers
Corrective
powers
Authorisation &
advisory powers
Check compliance
• complaints
• investigations
• audits
• inspections
Sanction
• warning
• reprimand
• referral to
controller
• ban on
processing
• administrative
fine
Advise
• consultations
• visits
• trainings
• guidelines
Our tools

8. Consultations and audits sector
8
consultations on
administrative
matters
DPIA
Audits/visits
54 consultations in
2021
Thematic guidelines 8 FTE

10. Complaints and investigations sector
10
Schrems II strategy
Investigation into
‘Cloud II’ infrastructure
contracts
Investigation into
Commission’s use of
Microsoft 365
more than 300
complaints in 2021
Court proceedings
(interventions in staff
cases)
7 FTE

11. C&I
11
240
151
203
270
302
227
48
59
43 50
65
44
0
50
100
150
200
250
300
350
1 2 3 4 5 6
complaints received 2018-2023
Series1 Series2

13. • Europol,
• Eurojust
• European Border and
Coast Guard Agency
(Frontex)
• European Public
Prosecutor Office (EPPO)
AFSJ sector
13
EDPS - Europol statistics 2021

15. EDPS resources
Supervision & enforcement
overview:
• https://edps.europa.eu/data-
protection/our-role-
supervisor_en
EDPS Investigation Policy:
• https://edps.europa.eu/data-
protection/our-work/our-work-
by-type/investigations_en
Complaints:
https://edps.europa.eu/data-
protection/our-role-
supervisor/complaints_en
Guidance:
• https://edps.europa.eu/data-
protection/our-work/our-work-
by-type/guidelines_en