Article 54 GDPR (Rules On The Establishment of The Supervisory Authority)

Article 54 of GDPR: Rules On The Establishment of The Supervisory Authority

Article 54 of GDPR lays out the requirements of what each EU member state should adopt into its law as it relates to the establishment of their supervisory authorities.

Legal requirements related to the supervisory authority (Article 54(1) GDPR)

When an EU member state establishes its supervisory authority, it must ensure that all of the following requirements are provided for in the law:

  1. The actual establishment of the supervisory authority (Article 54(1)(a) GDPR)
  2. Eligibility criteria for a member to be appointed (Article 54(1)(b) GDPR)
  3. Rules related to the appointment of a member of the supervisory authority (Article 54(1)(c) GDPR)
  4. Rules related to the term of appointment of a member of the supervisory authority (Article 54(1)(d) GDPR)
  5. Rules related to the number of times a member can be reappointed (Article 54(1)(e) GDPR)
  6. Conditions related to the obligations of the supervisory members and their staff (Article 54(1)(f) GDPR)

Duties of professional secrecy (Article 54(2) GDPR)

Each member of the supervisory authority along with their staff are subject to the duty of professional secrecy during and after their term of office.

Recitals applicable to Article 54 of GDPR

Relevant Recitals: 117, 121

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 54 or relevant recitals


GDPR Text: Article 54 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)