interactive GDPR 2016/0679 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- personal data
- processing
- restriction of processing
- profiling
- pseudonymisation
- filing system
- controller
- processor
- recipient
- third party
- consent
- personal data breach
- genetic data
- biometric data
- data concerning health
- main establishment
- representative
- enterprise
- group of undertakings
- binding corporate rules
- supervisory authority
- supervisory authority concerned
- cross-border processing
- relevant and reasoned objection
- information society service
- international organisation
- shall 29
- supervisory_authority 27
- article 23
- pursuant 17
- information 15
- request 15
- regulation 13
- data 11
- referred 10
- article 10
- supervisory 10
- particular 10
- authorities 10
- subject 9
- measures 9
- complaint 8
- assistance 8
- conduct 7
- mutual 7
- which 7
- remedy 7
- commission 7
- provide 7
- protection 7
- accordance 6
- each 6
- requested 6
- the 6
- progress 5
- body 5
- administrative 5
- another 5
- right 5
- judicial 5
- decision 5
- appropriate 4
- have 4
- certification 4
- board 4
- effective 4
- against 4
- such 4
- codes 4
- including 4
- from 4
- relevant 4
- personal_data 4
- inform 4
- means 4
- state 4
Article 57
Tasks
1. Without prejudice to other tasks set out under this Regulation, each supervisory_authority shall on its territory:
| (a) | monitor and enforce the application of this Regulation; |
| (b) | promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing. Activities addressed specifically to children shall receive specific attention; |
| (c) | advise, in accordance with Member State law, the national parliament, the government, and other institutions and bodies on legislative and administrative measures relating to the protection of natural persons' rights and freedoms with regard to processing; |
| (d) | promote the awareness of controllers and processors of their obligations under this Regulation; |
| (e) | upon request, provide information to any data subject concerning the exercise of their rights under this Regulation and, if appropriate, cooperate with the supervisory authorities in other Member States to that end; |
| (f) | handle complaints lodged by a data subject, or by a body, organisation or association in accordance with Article 80, and investigate, to the extent appropriate, the subject matter of the complaint and inform the complainant of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another supervisory_authority is necessary; |
| (g) | cooperate with, including sharing information and provide mutual assistance to, other supervisory authorities with a view to ensuring the consistency of application and enforcement of this Regulation; |
| (h) | conduct investigations on the application of this Regulation, including on the basis of information received from another supervisory_authority or other public authority; |
| (i) | monitor relevant developments, insofar as they have an impact on the protection of personal_data, in particular the development of information and communication technologies and commercial practices; |
| (j) | adopt standard contractual clauses referred to in Article 28(8) and in point (d) of Article 46(2); |
| (k) | establish and maintain a list in relation to the requirement for data protection impact assessment pursuant to Article 35(4); |
| (l) | give advice on the processing operations referred to in Article 36(2); |
| (m) | encourage the drawing up of codes of conduct pursuant to Article 40(1) and provide an opinion and approve such codes of conduct which provide sufficient safeguards, pursuant to Article 40(5); |
| (n) | encourage the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Article 42(1), and approve the criteria of certification pursuant to Article 42(5); |
| (o) | where applicable, carry out a periodic review of certifications issued in accordance with Article 42(7); |
| (p) | draft and publish the criteria for accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43; |
| (q) | conduct the accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43; |
| (r) | authorise contractual clauses and provisions referred to in Article 46(3); |
| (s) | approve binding_corporate_rules pursuant to Article 47; |
| (t) | contribute to the activities of the Board; |
| (u) | keep internal records of infringements of this Regulation and of measures taken in accordance with Article 58(2); and |
| (v) | fulfil any other tasks related to the protection of personal_data. |
2. Each supervisory_authority shall facilitate the submission of complaints referred to in point (f) of paragraph 1 by measures such as a complaint submission form which can also be completed electronically, without excluding other means of communication.
3. The performance of the tasks of each supervisory_authority shall be free of charge for the data subject and, where applicable, for the data protection officer.
4. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the supervisory_authority may charge a reasonable fee based on administrative costs, or refuse to act on the request. The supervisory_authority shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Article 61
Mutual assistance
1. Supervisory authorities shall provide each other with relevant information and mutual assistance in order to implement and apply this Regulation in a consistent manner, and shall put in place measures for effective cooperation with one another. Mutual assistance shall cover, in particular, information requests and supervisory measures, such as requests to carry out prior authorisations and consultations, inspections and investigations.
2. Each supervisory_authority shall take all appropriate measures required to reply to a request of another supervisory_authority without undue delay and no later than one month after receiving the request. Such measures may include, in particular, the transmission of relevant information on the conduct of an investigation.
3. Requests for assistance shall contain all the necessary information, including the purpose of and reasons for the request. Information exchanged shall be used only for the purpose for which it was requested.
4. The requested supervisory_authority shall not refuse to comply with the request unless:
| (a) | it is not competent for the subject-matter of the request or for the measures it is requested to execute; or |
| (b) | compliance with the request would infringe this Regulation or Union or Member State law to which the supervisory_authority receiving the request is subject. |
5. The requested supervisory_authority shall inform the requesting supervisory_authority of the results or, as the case may be, of the progress of the measures taken in order to respond to the request. The requested supervisory_authority shall provide reasons for any refusal to comply with a request pursuant to paragraph 4.
6. Requested supervisory authorities shall, as a rule, supply the information requested by other supervisory authorities by electronic means, using a standardised format.
7. Requested supervisory authorities shall not charge a fee for any action taken by them pursuant to a request for mutual assistance. Supervisory authorities may agree on rules to indemnify each other for specific expenditure arising from the provision of mutual assistance in exceptional circumstances.
8. Where a supervisory_authority does not provide the information referred to in paragraph 5 of this Article within one month of receiving the request of another supervisory_authority, the requesting supervisory_authority may adopt a provisional measure on the territory of its Member State in accordance with Article 55(1). In that case, the urgent need to act under Article 66(1) shall be presumed to be met and require an urgent binding decision from the Board pursuant to Article 66(2).
9. The Commission may, by means of implementing acts, specify the format and procedures for mutual assistance referred to in this Article and the arrangements for the exchange of information by electronic means between supervisory authorities, and between supervisory authorities and the Board, in particular the standardised format referred to in paragraph 6 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2).
Article 77
Right to lodge a complaint with a supervisory_authority
1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory_authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal_data relating to him or her infringes this Regulation.
2. The supervisory_authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.
Article 78
Right to an effective judicial remedy against a supervisory_authority
1. Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory_authority concerning them.
2. Without prejudice to any other administrative or non-judicial remedy, each data subject shall have the right to a an effective judicial remedy where the supervisory_authority which is competent pursuant to Articles 55 and 56 does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77.
3. Proceedings against a supervisory_authority shall be brought before the courts of the Member State where the supervisory_authority is established.
4. Where proceedings are brought against a decision of a supervisory_authority which was preceded by an opinion or a decision of the Board in the consistency mechanism, the supervisory_authority shall forward that opinion or decision to the court.
Article 97
Commission reports
1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council. The reports shall be made public.
2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine, in particular, the application and functioning of:
| (a) | Chapter V on the transfer of personal_data to third countries or international_organisations with particular regard to decisions adopted pursuant to Article 45(3) of this Regulation and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC; |
| (b) | Chapter VII on cooperation and consistency. |
3. For the purpose of paragraph 1, the Commission may request information from Member States and supervisory authorities.
4. In carrying out the evaluations and reviews referred to in paragraphs 1 and 2, the Commission shall take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources.
5. The Commission shall, if necessary, submit appropriate proposals to amend this Regulation, in particular taking into account of developments in information technology and in the light of the state of progress in the information society.
whereas
dal 2004 diritto e informatica