Individual member states are charged with implementing and overseeing compliance with the EU’s General Data Protection Regulation (GDPR) through data protection authorities (DPAs).1 GDPR also establishes a European Data Protection Board (EDPB) to provide guidance and a forum for member state DPAs to coordinate on interpretation and implementation of GDPR.2
The Personal Information Protection and Electronic Documents Act (PIPEDA) is enforced by the Office of the Privacy Commissioner of Canada which investigates and responds to complaints that the law has been violated.3 Enforcement of Canada’s Anti-Spam Legislation (CASL) is shared amongst three organizations: the Office of the Privacy Commissioner of Canada; the Canadian Radio-television and Telecommunications Commission; and the federal Competition Bureau.4
1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), arts. 51-59.
2 Id., arts. 68-76.
3 Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (Can.).
4 Anti-Spam Legislation, S.C. 2010, c. 23 (Can.).