Rina Steenkamp - Privacy and technology
Chapter VI Independent supervisory authorities
Section 2 Duties and powers
Article 53 Powers
October 2013
Article 53(1)
1. Each supervisory authority shall, in line with this regulation, have the power:
- (a) to notify the controller or the processor of an alleged breach of the provisions governing the processing of personal data, and, where appropriate, order the controller or the processor to remedy that breach, in a specific manner, in order to improve the protection of the data subject, or to order the controller to communicate a personal data breach to the data subject;
- (b) to order the controller or the processor to comply with the data subject's requests to exercise the rights provided by this Regulation;
- (c) to order the controller and the processor, and, where applicable, the representative to provide any information relevant for the performance of its duties;
- (d) to ensure the compliance with prior authorisations and prior consultations referred to in Article 34;
- (e) to warn or admonish the controller or the processor;
- (f) to order the rectification, erasure or destruction of all data when they have been processed in breach of the provisions of this Regulation and the notification of such actions to third parties to whom the data have been disclosed;
- (g) to impose a temporary or definitive ban on processing;
- (h) to suspend data flows to a recipient in a third country or to an international organisation;
- (i) to issue opinions on any issue related to the protection of personal data;
- (ia) to certify controllers and processors pursuant to Article 39;
- (j) to inform the national parliament, the government or other political institutions as well as the public on any issue related to the protection of personal data.
- (ja) to put in place effective mechanisms to encourage confidential reporting of breaches of this Regulation, taking into account guidance issued by the European Data Protection Board pursuant to Article 66(4b).
Article 53(2)
2. Each supervisory authority shall have the investigative power to obtain from the controller or the processor without prior notice:
- (a) access to all personal data and to all documents and information necessary for the performance of its duties;
- (b) access to any of its premises, including to any data processing equipment and means.
The powers referred to in point (b) shall be exercised in conformity with Union law and Member State law.
Article 53(3)
3. Each supervisory authority shall have the power to bring violations of this Regulation to the attention of the judicial authorities and to engage in legal proceedings, in particular pursuant to Article 74(4) and Article 75(2).
Article 53(4)
4. Each supervisory authority shall have the power to sanction administrative offences, in accordance with Article 79. This power shall be exercised in an effective, proportionate and dissuasive manner.
[Source: October 2013]
January 2012
Explanatory memorandum
3.4. Detailed explanation of the proposal
Article 53 provides the powers of the supervisory authority, in parts building on Article 28(3) of Directive 95/46/EC and Article 47 of Regulation (EC) 45/2001, and adding some new elements, including the power to sanction administrative offences.
[Source: January 2012 | Context: Proposal from the European Commission]
Article 53(1) [Amended: October 2013]
1. Each supervisory authority shall have the power:
- (a) to notify the controller or the processor of an alleged breach of the provisions governing the processing of personal data, and, where appropriate, order the controller or the processor to remedy that breach, in a specific manner, in order to improve the protection of the data subject;
- (b) to order the controller or the processor to comply with the data subject's requests to exercise the rights provided by this Regulation;
- (c) to order the controller and the processor, and, where applicable, the representative to provide any information relevant for the performance of its duties;
- (d) to ensure the compliance with prior authorisations and prior consultations referred to in Article 34;
- (e) to warn or admonish the controller or the processor;
- (f) to order the rectification, erasure or destruction of all data when they have been processed in breach of the provisions of this Regulation and the notification of such actions to third parties to whom the data have been disclosed;
- (g) to impose a temporary or definitive ban on processing;
- (h) to suspend data flows to a recipient in a third country or to an international organisation;
- (i) to issue opinions on any issue related to the protection of personal data;
- (j) to inform the national parliament, the government or other political institutions as well as the public on any issue related to the protection of personal data.
Article 53(2) [Amended: October 2013]
2. Each supervisory authority shall have the investigative power to obtain from the controller or the processor:
- (a) access to all personal data and to all information necessary for the performance of its duties;
- (b) access to any of its premises, including to any data processing equipment and means, where there are reasonable grounds for presuming that an activity in violation of this Regulation is being carried out there.
The powers referred to in point (b) shall be exercised in conformity with Union law and Member State law.
Article 53(3)
3. Each supervisory authority shall have the power to bring violations of this Regulation to the attention of the judicial authorities and to engage in legal proceedings, in particular pursuant to Article 74(4) and Article 75(2).
Article 53(4) [Amended: October 2013]
4. Each supervisory authority shall have the power to sanction administrative offences, in particular those referred to in Article 79(4), (5) and (6).
[Source: January 2012 | Context: Proposal from the European Commission]
Directive 95/46/EC
Cross-reference
| General Data Protection Regulation: | Directive 95/46/EC: |
|---|
| Article 53 | Article 28(3) |
Chapter VI Supervisory authority and Working Party on the Protection of Individuals with regard to the Processing of Personal Data
Article 28 Supervisory authority
Article 28(3)
3. Each authority shall in particular be endowed with:
- - investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties,
- - effective powers of intervention, such as, for example, that of delivering opinions before processing operations are carried out, in accordance with Article 20, and ensuring appropriate publication of such opinions, of ordering the blocking, erasure or destruction of data, of imposing a temporary or definitive ban on processing, of warning or admonishing the controller, or that of referring the matter to national parliaments or other political institutions,
- - the power to engage in legal proceedings where the national provisions adopted pursuant to this Directive have been violated or to bring these violations to the attention of the judicial authorities.
[...]
Menu |
My annotated General Data Protection Regulation |
Chapter VI |
Section 2 |
Previous |
Next |
Additional information | Meta |
Contact |
Nederlands
