Ms Jennifer O'Sullivan:

In terms of our role, which we take extremely seriously, the most serious aspect is our independence. We always seek to protect, bolster and reinforce our independence in our regulatory activities, in our work as an organisation in terms of the priorities we place on particular matters of enforcement, in the other non-investigative contexts in which we work and in the work we do on encouraging compliance. We always seek to protect that at its core. The GDPR is emphatic on the independence of supervisory authorities in general terms and in specific terms. The GDPR is the answer to the requirement for supervisory authorities to act independently. We now have one common law in Europe. A framework has been established to ensure the consistent application of that law, including in respect of the level of sanctioning and the level of decision-making in respect of the gravity and seriousness of infringements. Deputy Wallace referenced Articles 60 and 65. There are robust and rigorous procedures in place within the GDPR to ensure that consistent application of this legal framework. Article 65 has not been put in practice yet. We have had fewer than ten Article 60 decisions across the EU achieve completion. The EDPP is very much still testing the waters of these procedures.

In summary, the framework is in place to ensure that every data protection authority in Europe is applying the law consistently and in its findings.