How does it work - can people actually report violations to this enforcement agency? How hard/likely is it for a company to simply buy their way into these agencies?
> How does it work - can people actually report violations to this enforcement agency? How hard/likely is it for a company to simply buy their way into these agencies?
I can't speak for all of Europe, but in Northern Europe this would be very unlikely to happen. The governments and agencies aren't flawless here either, but at least they are quite honest and uncorrupted.
Enforcement is one dedicated organization per country. See https://en.wikipedia.org/wiki/General_Data_Protection_Regula... for the possible sanctions such an organization could apply. It can be pretty minor.
There's a proposed EU law which is pretty much terrible. GPDR is great (IMO).