Each supervisory authority has the investigative powers, including but not limited to:
- carrying out investigations in the form of data protection audits
- notifying the controller or processor of infringements of the GDPR
- obtaining from the controller and processor, certain information, including access to any relevant personal data or premises or equipment
Each supervisory authority has corrective powers, including but not limited to:
- issuing warnings to a controller or processor that intended processing operations are likely to cause infringements
- issuing reprimands to a controller or processor where processing operations have infringed the provisions of the GDPR
- ordering the controller or processor to comply with the data subject's requests to exercise his or her rights
- ordering the controller to communicate a personal data breach to the data subject
- imposing a temporary or definitive limitation including ban on processing
Each supervisory authority has authorisation and advisory powers, including but not limited to:
- advising the controller in accordance with the prior consultation procedure
- issuing an opinion and approving draft codes of conduct
- accrediting certification bodies
- authorising contractual clauses and approving binding corporate rules
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018