🇦🇹
Austria
Datenschutzbehörde (DSB)
English
Resources
Data Protection Authorities
Every EU and EEA country has a national data protection authority (DPA) responsible for upholding GDPR rights. Most people only think of DPAs as a last resort for formal complaints, but they're also a useful first stop for questions and guidance. Many publish practical guides, run advice lines, help resolve disputes, or investigate organizations that fail to comply.
If you have sent a request, waited, followed up, and still received no satisfactory response, contacting your national DPA is a reasonable next step. It is free, and the organization is required to cooperate with any investigation. Find your national DPA in our below.
EU Member States
🇧🇪
Belgium
Autorité de protection des données (APD / GBA)
Local rules apply
Complaints must be in French, Dutch, or German. English submissions are not accepted.
🇩🇰
Denmark
Datatilsynet
Local rules apply
Online form requires MitID (Danish national eID). Non-residents should file by email or use the PDF form instead.
🇫🇮
Finland
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Local rules apply
Complaints are processed in Finnish or Swedish. English submissions may be accepted but Finnish is strongly preferred.
🇫🇷
France
Commission Nationale de l'Informatique et des Libertés (CNIL)
Local rules apply
Complaint process is French only. No English submission accepted.
Phone+33 1 53 73 22 22
EmailNot listed
Address3 Place de Fontenoy, 75007 Paris
🇩🇪
Germany
BfDI + 16 state DPAs
Local rules apply
For private companies, file with the state DPA where the company is headquartered, not the federal BfDI. Forms are German only.
🇮🇪
Ireland
Data Protection Commission (DPC)
Local rules apply
Ireland is the EU lead supervisory authority for most major US tech companies (Google, Meta, Apple, Microsoft). Complaints cannot be accepted by phone — submit via webform or email only.
🇮🇹
Italy
Garante per la protezione dei dati personali
Local rules apply
Italian only. Download the template and submit by registered mail (raccomandata). PEC email is not available to non-residents.
🇳🇱
Netherlands
Autoriteit Persoonsgegevens (AP)
English
🇵🇱
Poland
UrzÄ…d Ochrony Danych Osobowych (UODO)
Local rules apply
Polish only. Formal complaints must be submitted via the electronic inbox (ePUAP) or by post — email is not a formal complaint channel.
🇱🇺
Luxembourg
Commission Nationale pour la Protection des Données (CNPD)
Local rules apply
Luxembourg is the EU lead supervisory authority for Amazon, PayPal, Skype, and Spotify. Complaint form is primarily in French — download a PDF copy of your submission before closing the form.
🇵🇹
Portugal
Comissão Nacional de Proteção de Dados (CNPD)
Local rules apply
Portuguese only. No telephone assistance, all contact must be in writing.
🇪🇸
Spain
Agencia Española de Protección de Datos (AEPD)
Local rules apply
Online filing requires a Spanish digital certificate (Cl@ve). Non-residents should file by post in Spanish.
🇸🇪
Sweden
Integritetsskyddsmyndigheten (IMY)
Local rules apply
All submissions become public documents under Sweden's access principle. Use email or post if you have a protected identity.
Non-EU (Own Legislation)
🇬🇧
United Kingdom
Information Commissioner's Office (ICO)
Local rules apply
Post-Brexit: the UK operates under UK GDPR, not EU GDPR. Substantively similar but legally separate.
🇨ðŸ‡
Switzerland
Federal Data Protection and Information Commissioner (FDPIC)
Local rules apply
Switzerland operates under nFADP, not GDPR. The FDPIC cannot impose fines directly, for individual enforcement civil court is the primary route.
Phone+41 58 462 43 95 (10:00-11:30 only)
EmailNot listed
AddressFeldeggweg 1, CH-3003 Berne
🇳🇴
Norway
Datatilsynet
Local rules apply
Norway is EEA, not EU — GDPR applies via the EEA Agreement. Online form requires BankID (Norwegian eID). Non-residents should file by email or post.
🇮🇸
Iceland
Persónuvernd (Icelandic Data Protection Authority)
Local rules apply
Iceland is EEA, not EU — GDPR applies via the EEA Agreement. English is widely accepted.
National DPAs are independent of the EU Commission. The European Data Protection Board coordinates between them and publishes guidelines on how GDPR applies across borders.