Compilation of Guidances on the EU General Data Protection Regulation

July 24, 2018

  1. If you are new to the General Data Protection Regulation, you may want to review the text of the regulation to familiarize yourself with basic GDPR concepts and terminology: https://gdpr-info.eu/  Keep in mind that the scope of the GDPR is broader than U.S. privacy laws such as HIPAA.
  2. The names and website addresses of each country’s data protection authority are seen in Rows 1 an 2.
  3. General GDPR Guidance documents are listed in appropriate row. If the information is not available in English, an online translation program can be helpful.
  4. The table lists guidances specific to Research, Legal Basis, Consent, and International Data Transfer. Country-level interpretations and procedures are likely to evolve over time, and data protection authorities may release new guidances.

Austria

Name of Data Protection Authority Data Protection Authority
Website http://www.dsb.gv.at/

Bulgaria

Name of Data Protection Authority Commission for Personal Data Protection
Website https://www.cpdp.bg/
General Guidance https://www.cpdp.bg/index.php?p=element&aid=1163
Research https://www.cpdp.bg/en/index.php?p=element&aid=1162
Consent https://www.cpdp.bg/en/index.php?p=element&aid=1162

Croatia

Name of Data Protection Authority Personal Data Protection Agency
Website http://www.azop.hr/
General Guidance http://azop.hr/info-servis/detaljnije/opca-uredba-o-zastiti-podataka-gdpr

Cyprus

Name of Data Protection Authority Commissioner for Personal Data Protection
Website http://www.dataprotection.gov.cy/

Czech Republic

Name of Data Protection Authority Office for Personal Data Protection
Website http://www.uoou.cz/
General Guidance https://www.uoou.cz/gdpr-strucne/ds-4843/p1=4843

Denmark

Name of Data Protection Authority Data Protection Agency
Website http://www.datatilsynet.dk/
General Guidance https://www.datatilsynet.dk/

Finland

Name of Data Protection Authority Office of the Data Protection Ombudsman
Website http://www.tietosuoja.fi/en/

Greece

Name of Data Protection Authority Hellenic Data Protection Authority
Website http://www.dpa.gr/

Hungary

Name of Data Protection Authority National Authority for Data Protection and Freedom of Information
Website http://www.naih.hu/
General Guidance http://www.naih.hu/felkeszueles-az-adatvedelmi-rendelet-alkalmazasara.html

Iceland

Name of Data Protection Authority Data Protection Authority
Website https://www.personuvernd.is/information-in-english/
General Guidance https://www.personuvernd.is/ny-personuverndarloggjof-2018/

Italy

Name of Data Protection Authority Guarantor for the Protection of Personal Data
Website http://www.garanteprivacy.it/
Legal Basis https://www.garanteprivacy.it/home/doveri#2

Latvia

Name of Data Protection Authority Data State Inspectorate
Website http://www.dvi.gov.lv/
General Guidance http://www.dvi.gov.lv/lv/

Liechtenshein

Name of Data Protection Authority Data Protection Office
Website https://www.llv.li/#/1758/datenschutzstelle

 

Lithuania

Name of Data Protection Authority State Data Protection Inspectorate
Website http://www.ada.lt/

 

Matla

Name of Data Protection Authority Office of the Information and Data Protection Commissioner
Website http://www.idpc.org.mt/
General Guidance https://idpc.org.mt/en/Pages/gdpr.aspx

 

Norway

Name of Data Protection Authority Data Protection Authority
Website https://www.datatilsynet.no/en/

Poland

Name of Data Protection Authority Personal Data Protection Office
Website https://uodo.gov.pl/

Portugal

Name of Data Protection Authority National Commission for Data Protection
Website https://www.cnpd.pt/
General Guidance https://www.cnpd.pt/bin/rgpd/rgpd.htm
Legal Basis https://www.cnpd.pt/bin/faqs/faqs.htm

Romania

Name of Data Protection Authority National Supervisory Authority for Personal Data Processing
Website http://www.dataprotection.ro/
General Guidance http://www.dataprotection.ro/?page=Regulamentul_nr_679_2016

Slovakia

Name of Data Protection Authority Office for Personal Data Protection
Website http://www.dataprotection.gov.sk/
General Guidance https://dataprotection.gov.sk/uoou/sk/main-content/nariadenie-gdpr

Slovenia

Name of Data Protection Authority Information Commissioner
Website https://www.ip-rs.si/
General Guidance https://www.ip-rs.si/varstvo-osebnih-podatkov/projekti/rapidsi/

Disclaimer: Though this Compilation contains information of a legal nature, it has been developed for informational purposes only and does not constitute legal advice or opinions as to the current operative guidelines of any jurisdiction. In addition, because new guidelines are issued on a continuing basis, this Compilation is not an exhaustive source of all current applicable guidelines relating to the General Data Protection Regulation. While reasonable efforts have been made to assure the accuracy and completeness of the information provided, researchers and other individuals should check with local authorities and/or research ethics committees before starting research activities.

Content created by Office for Human Research Protections (OHRP)
Content last reviewed