Data Protection Authority (DPA)
Definition
An independent government body responsible for supervising and enforcing data protection laws within its jurisdiction. Each EU member state has at least one DPA (called a supervisory authority under GDPR), and many other countries have similar regulators. DPAs investigate complaints, conduct audits, issue guidance, impose fines and corrective measures, handle data breach notifications, approve codes of conduct and certifications, and cooperate with other authorities. DPAs also provide authoritative interpretation of privacy laws. In the UK, the DPA is the Information Commissioner's Office (ICO). In California, it is the California Privacy Protection Agency (CPPA). Organizations should understand which DPAs have jurisdiction over their activities, monitor DPA guidance and enforcement actions, submit required notifications and applications, cooperate with investigations, and consider DPA positions when interpreting legal requirements. DPAs balance enforcement with education, though enforcement is increasingly aggressive.
Applicable Laws & Regulations
- GDPR Chapter VI (Articles 51-59) - Supervisory authorities
- GDPR Article 55 - Competence of lead supervisory authority
- Various national laws establishing data protection authorities