A DPA is an independent body which is in charge of:
- monitoring the processing of personal data within its jurisdiction (country, region or international organisation);
- providing advice to the competent bodies with regard to legislative and administrative measures relating to the processing of personal data;
- hearing complaints lodged by citizens with regard to the protection of their data protection rights.
According to Article 51 of the GDPR, each Member State shall establish in its territory at least one data protection authority, which shall be endowed with investigative powers (e.g. access to data, collection of information, etc.), corrective powers (e.g. the power to order the erasure of data, to impose a fine or a ban on processing), and authorisation or advisory powers (e.g. issuance of opinions, power to accredit certification bodies).
National data protection authorities have been established in all European countries, as well as in many other countries worldwide. At the EU level, the EDPS wasestablished as an independent data protection authority under Article 52 of Regulation (EU) 2018/1725.
You can find a list of data protection authorities online.