Each member state must establish one or more independent public authorities, known as the ‘supervisory authority’, that is responsible for monitoring the application of the GDPR within their state.