Slovenian SA: launch of coordinated enforcement on role of data protection officers

In 2023, The European Data Protection Board (EDPB) will continue its coordinated enforcement action (CEF) on the subject of designation and position of data protection officers (DPOs). Throughout the year, 26 Data Protection Authorities (including European Data Protection Supervisor) will take part in the CEF 2023 on the designation and position of data protection officers (DPOs).

As intermediaries between DPAs, individuals and the business units of an organisation, data protection officers have an essential role in contributing to compliance with data protection law and promoting effective protection of data subject rights.

To gauge whether DPOs have the position in their organisations required by Art. 37-39 GDPR and Chapter 6 of the Personal Data Protection Act and the resources needed to carry out their tasks, participating DPAs will implement the CEF at national level in a number of ways:

  • DPOs will be sent questionnaires to aid fact-finding exercise or questionnaires to identify if a formal investigation is warranted;
  • commencement of a formal investigation;
  • follow-up of ongoing formal investigations.

The results of the joint initiative will be analysed in a coordinated manner and the DPAs will decide on possible further national supervision and enforcement actions. In addition, results will be aggregated, generating deeper insight into the topic and allowing targeted follow-up at EU level. The EDPB will publish a report on the outcome of this analysis once the actions are concluded.

This series of actions is the second initiative under the Coordinated Enforcement Framework (CEF), which aims to streamline enforcement and cooperation among Data Protection Authorities (DPAs). In 2022, the topic of choice was the use of cloud services by the public sector. 

A report on the findings of this first CEF initiative was published on 18 January 2023 and is available on the following website:


For further information: