European data protection authorities are conducting profoundly different recruitment policies to enforce the EU’s upcoming new privacy rules. While data watchdogs in some EU countries are doubling their staff, others are not planning any new recruitment at all – even though EU citizens are getting a range of new rights under the general data protection regulation (GDPR) that will be enforced as of 25 May.
Vera Jourova, the EU justice commissioner, told reporters last week she is worried understaffed data protection authorities (DPAs) may make the task all the more difficult. “We want the DPAs to be well equipped for the job, not only for sanctioning but also for consulting, for advising and I don’t like to see the DPAs being in trouble,” she said.
The number of staff currently working in Europe’s DPAs vary significantly, from 11 in Malta to 565 in the United Kingdom (528.5 in full time equivalent, a comparison method taking into account the fact that staff sometimes work part time).
For the EU’s two largest member states, Germany and France, it is not yet clear if the DPAs will see a staff increase, as they depend on the government’s willingness to increase their budgets.
Germany’s Federal Commissioner for Data Protection and Freedom of Information had a staff of 160.5 full time equivalent (fte) in 2017, according to a spokesman. He noted that the German DPA’s staff has been consistently increasing in the past years, from 90 fte in 2015 and 110.5 fte in 2016 up to the current level. The spokesman said that the German authority has asked for additional staff, but the final increase will depend on the outcome of budget negotiations. “Please understand that I cannot give you a specific number at this point,” he added.
His colleague at the French DPA, which is known under the French acronym Cnil, had a similar message. “Cnil asked for some additional fte because of the