All GPA member authorities are requested to complete this survey which will provide a comprehensive snapshot of Data Protection and Privacy Authorities in 2023.

The Census supports the objectives of the Resolution on the Conference Census adopted at the 40th Conference in October 2018.


  • Please complete the survey by 21 April 2023.
  • Only one response per member authority.
  • Please complete the census in English for a better statistical analysis of the answers.
  • If the authority is a unit within a much larger public body, please answer these questions only in relation to your unit (particularly Part C questions on funding and resources).
  • A few questions ask for information relating to 2022, as the most recent complete year. Please answer such questions with information relating either to the calendar year 2022 or, where more convenient, the most recently completed financial year for which you have figures.
  • Please note that the information will be saved until you finish the survey and click the submit button. Therefore, the Secretariat recommend that you pre-fill the survey in word and then upload your answers to the platform.

The following survey seeks non-personal information about data protection and privacy authorities, e.g., financial information, resources, and legislation.

The GPA Census will process non-personal information, such as information about relevant laws, funding, resources, and reporting.

The GPA Secretariat has ensured appropriate steps to minimize the collection of any personal data and advises those completing the survey not to enter personal information in the free text boxes.

What do we do with the information?

The Global Privacy Assembly will use the information provided by authorities to generate statistics and comparative metrics with the previous census and to provide information areas in line with the GPA’s strategic plan for 2023-2025.

No personal data will be included in these reports. The data will be kept secure on the Secretariat’s servers

Further information about publication and release of information gathered in this census is available here:

GPA Secretariat



The census has 7 Parts as follows:

  1. Authority profile
  2. Data protection law, jurisdiction and exemptions
  3. Authority’s funding and resources
  4. Authority’s enforcement powers, case handling and reporting
  5. Cross-border data flows, enforcement and cooperation
  6. Breach notification
  7. Other matters
  • A. Authority profile
  • B. Data protection law, jurisdiction and exemptions
  • C. Authority’s funding and resources
  • D. Authority’s enforcement powers, case handling and reporting
  • E. Cross-border data flows, enforcement, and cooperation
  • F. Breach notification
    • G. Other matters

    A. Authority profile

    1. Please provide the following details regarding your data protection or privacy authority:

    Does the authority have an official digital presence?

    As relevant, please provide the details for the following social media:

    Does the authority publish an annual report?
    Is the issuance of the annual report considered an action of accountability presented to any governmental instance, power, authority, or similar?
    Is the annual report available online?
    What is your nation’s legal system?
    Does your authority offer internal training programs?
    Does your authority offer professional career qualifications for its staff?