Article 55
Competence
(62) Whereas the establishment in Member States of supervisory authorities, exercising their functions with complete independence, is an essential component of the protection of individuals with regard to the processing of personal data;
Regulation
Art. 55 1. Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State. 2. Where processing is carried out by public authorities or private bodies acting on the basis of point (c) or (e) of Article 6(1), the supervisory authority of the Member State concerned shall be competent. In such cases Article 56 does not apply. 3. Supervisory authorities shall not be competent to supervise processing operations of courts acting in their judicial capacity. |
Directive
Art. 28 (…). 6. Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with paragraph 3. Each authority may be requested to exercise its powers by an authority of another Member State. (…). |
Hungary
No (special) provision under Hungarian law. |
Poland
In force until May 25, 2018: The Act on Personal Data Protection
Article 12 The duties entrusted to the Inspector General comprise, in particular: 1) supervision over ensuring the compliance of data processing with the provisions on the protection of personal data, 2) issuing administrative decisions and considering complaints with respect to the enforcement of the provisions on the protection of personal data, 3) ensuring the obligors’ fulfillment of non-pecuniary obligations arising under the decisions referred to in point 2 by the means of enforcement measures foreseen in the Act of 17 June 1966 on enforcement proceedings in administration (Journal of Laws of 2005, no. 229, item 1954 with amendments), 4) keeping the register of data filing systems and the register of administrators of information security, as well as providing information on the registered data files and the registered administrators of information security, 5) issuing opinions on bills and regulations with respect to the protection of personal data, 6) initiating and undertaking activities to improve the protection of personal data, 7) participating in the work of international organizations and institutions involved in personal data.
Article 14 In order to carry out the tasks referred to in Article 12 point 1 and 2, the Inspector General, the Deputy Inspector General or employees of the Bureau, hereinafter referred to as “the inspectors”, authorized by him/her shall be empowered, in particular to: 1) enter, from 6 a.m. to 10 p.m., upon presentation of a document of personal authorization and service identity card, any premises where the data filing systems are being kept and premises where data are processed outside from the data filing system, and to perform necessary examination or other inspection activities to assess the compliance of the data processing activities with the Act, 2) demand written or oral explanations, and to summon and question any person within the scope necessary to determine the facts of the case, 3) consult any documents and data directly related to the subject of the inspection, and to make a copy of these documents, 4) perform inspection of any devices, data carriers, and computer systems used for data processing, 5) commission expertise and opinions to be prepared.
Article 19 Should the inspection reveal that the action or failure in duties of the head of an organizational unit, its employee or any other natural person acting as the controller bears attributes of an offence within the meaning of the Act, the Inspector General shall inform about it a proper prosecuting body, enclosing the evidence confirming his/her suspicions.
Article 19a 1. In order to perform the tasks referred to in Article 12 point 6, the Inspector General may address state authorities, territorial self-government authorities, as well as To state and municipal organizational units, private entities performing public tasks, natural and legal persons, organizational units without legal personality and other entities in order to ensure efficient protection of personal data. 2. The Inspector General may also request competent authorities to undertake legislative initiatives and to issue or to amend legal acts in cases relative to personal data protection. 3. The entity receiving the address or request referred in paragraphs 1 and 2 shall give an answer in writing to such address or request within 30 days of its receipt.
Article 19b 1. The Inspector General can request an administrator of information security entered into the register referred to in Art. 46c to carry out a check referred to in Art. 36a para. 2 point 1 letter a) at the controller’s, who appointed the administrator of information security, indicating the scope and date of the check. 2. After carrying out the check referred in Art. 36a para. 2 point 1 letter a), the administrator of information security, through the agency of the controller, shall submit to the Inspector General a report referred to in Art. 36a para. 2 point 1 letter a). 3. The fact that the administrator of information security has carried out a check in the case referred to in para. 1 does not exclude the Inspector General’s right to carry out a supervision referred to in Art. 12 point 1. |