Functions & Powers of of Supervisory Authority-Part 2

In continuation to our last post we will cover a few more outstanding functions as provided under article 57 of the GDPR and they are-

  1. Keeping internal records of infringements of this regulation and of measures taken in accordance with article 58(2); 
  2. Fulfil any other tasks related to the protection of personal data.

Section 57 further states that the performance of tasks of each supervisory authority shall be free of charge for the data subjects and where applicable, for the data protection officer.  When it appears that the requests are manifestly unfounded or excessive, in particular because of their repetitive character, the supervisory authority may charge a reasonable fee based upon the administrative costs or may refuse to act upon the requests. 

Now we shall discuss the powers of Supervisory authority which are given under article 58 of the GDPR. Basically there are four types of powers categorised under article of 58 of the GDPR and they are-

A) Investigative Powers

B) Corrective Powers

C) Authorisation Powers 

D) Advisory Powers

A) Investigative Powers:

The investigative powers of the Supervisory authority includes the followings-

  1. To order the controller and the processor and where applicable, the controller’s or processor’s representative to provide any information it requires for the performance of its task;
  2. Carry out investigations in the form of data protection audits;  
  3. Carry out a review on certifications issued;
  4. Notify the controller or the processor of an alleged infringement of GDPR;
  5. Obtain, from the controller and the processor, access to all personal data and to all information necessary for performance of its tasks;
  6. Obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Unior or member state procedure law.

B) Corrective Powers:

The corrective powers of the Supervisory Authorities includes the followings-

  1. Issuing warnings to a controller or processor that intended processing operations are likely to infringe provisions of GDPR;
  2. Issuing reprimands to controller or processor where processing operation are infringing GDPR;
  3. Ordering the controller or processor to to comply with the data subject’s requests to exercise his/her rights as per GDPR;

To be continued………………………………………

Picture credit- https://www.freeprivacypolicy.com