Who are these actors?
The European Data Protection Supervisor (EDPS) is the supervisory authority for processing activities by European institutions and bodies. It is an independent supervisory authority of the European Union. In contrast to the other actors the EDPS is not established by the GDPR but by Regulation (EU) No 2018/1725.
What are their tasks?
The tasks of the EDPS are to monitor and protect personal data when it is processed by EU institutions and advises other EU institutions on matters regarding such processing as well as related legislation and acts. Furthermore, it monitors technologies that could influence data protection and cooperates with the national supervisory authorities on data protection. Furthermore, the EDPS advises EU institutions such as the European Commission on affairs regarding data processing, such as new legislation and agreements. It also monitors new technologies that might impact data protection and cooperates with national supervisory authorities.
What are their rights and responsibilities?
The EDPS can conduct investigations on the application data protection. Therefore, it can order controllers and processors to provide information or conduct protection audits. Furthermore, the EDPS can issue warnings if infringements are likely or reprimands if infringements are ascertained and orders specific measures to handle infringements. In addition, it can impose fines for the unlawful processing of data or ban the processing altogether.