Article 51
Supervisory authority
(62) Whereas the establishment in Member States of supervisory authorities, exercising their functions with complete independence, is an essential component of the protection of individuals with regard to the processing of personal data;
Regulation
Art. 51 1. Each Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of this Regulation, in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of personal data within the Union (‘supervisory authority’). 2. Each supervisory authority shall contribute to the consistent application of this Regulation throughout the Union. For that purpose, the supervisory authorities shall cooperate with each other and the Commission in accordance with Chapter VII. 3. Where more than one supervisory authority is established in a Member State, that Member State shall designate the supervisory authority which is to represent those authorities in the Board and shall set out the mechanism to ensure compliance by the other authorities with the rules relating to the consistency mechanism referred to in Article 63. 4. Each Member State shall notify to the Commission the provisions of its law which it adopts pursuant to this Chapter, by 25 May 2018 and, without delay, any subsequent amendment affecting them. |
Directive
Art. 28 1. Each Member State shall provide that one or more public authorities are responsible for monitoring the application within its territory of the provisions adopted by the Member States pursuant to this Directive. These authorities shall act with complete independence in exercising the functions entrusted to them. 2. Each Member State shall provide that the supervisory authorities are consulted when drawing up administrative measures or regulations relating to the protection of individuals' rights and freedoms with regard to the processing of personal data. 3. Each authority shall in particular be endowed with: - investigative powers, such as powers of access to data forming the subject-matter of processing operations and powers to collect all the information necessary for the performance of its supervisory duties, - effective powers of intervention, such as, for example, that of delivering opinions before processing operations are carried out, in accordance with Article 20, and ensuring appropriate publication of such opinions, of ordering the blocking, erasure or destruction of data, of imposing a temporary or definitive ban on processing, of warning or admonishing the controller, or that of referring the matter to national parliaments or other political institutions, - the power to engage in legal proceedings where the national provisions adopted pursuant to this Directive have been violated or to bring these violations to the attention of the judicial authorities. Decisions by the supervisory authority which give rise to complaints may be appealed against through the courts. 4. Each supervisory authority shall hear claims lodged by any person, or by an association representing that person, concerning the protection of his rights and freedoms in regard to the processing of personal data. The person concerned shall be informed of the outcome of the claim. Each supervisory authority shall, in particular, hear claims for checks on the lawfulness of data processing lodged by any person when the national provisions adopted pursuant to Article 13 of this Directive apply. The person shall at any rate be informed that a check has taken place. 5. Each supervisory authority shall draw up a report on its activities at regular intervals. The report shall be made public. 6. Each supervisory authority is competent, whatever the national law applicable to the processing in question, to exercise, on the territory of its own Member State, the powers conferred on it in accordance with paragraph 3. Each authority may be requested to exercise its powers by an authority of another Member State. The supervisory authorities shall cooperate with one another to the extent necessary for the performance of their duties, in particular by exchanging all useful information. 7. Member States shall provide that the members and staff of the supervisory authority, even after their employment has ended, are to be subject to a duty of professional secrecy with regard to confidential information to which they have access. |
Czechia
Article 2 |
United Kingdom
51. General duties of Commissioner (1) It shall be the duty of the Commissioner to promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act as to promote the observance of the requirements of this Act by data controllers. (2) The Commissioner shall arrange for the dissemination in such form and manner as he considers appropriate of such information as it may appear to him expedient to give to the public about the operation of this Act, about good practice, and about other matters within the scope of his functions under this Act, and may give advice to any person as to any of those matters. (3) Where— (a) the [F1 Secretary of State] so directs by order, or (b) the Commissioner considers it appropriate to do so, the Commissioner shall, after such consultation with trade associations, data subjects or persons representing data subjects as appears to him to be appropriate, prepare and disseminate to such persons as he considers appropriate codes of practice for guidance as to good practice. (4) The Commissioner shall also— (a) where he considers it appropriate to do so, encourage trade associations to prepare, and to disseminate to their members, such codes of practice, and (b) where any trade association submits a code of practice to him for his consideration, consider the code and, after such consultation with data subjects or persons representing data subjects as appears to him to be appropriate, notify the trade association whether in his opinion the code promotes the following of good practice. (5) An order under subsection (3) shall describe the personal data or processing to which the code of practice is to relate, and may also describe the persons or classes of persons to whom it is to relate. [F2(5A)In determining the action required to discharge the duties imposed by subsections (1) to (4), the Commissioner may take account of any action taken to discharge the duty imposed by section 52A (data-sharing code) [F3or section 52AA (direct marketing code)].] (6) The Commissioner shall arrange for the dissemination in such form and manner as he considers appropriate of— (a) any Community finding as defined by paragraph 15(2) of Part II of Schedule 1, (b) any decision of the European Commission, under the procedure provided for in Article 31(2) of the Data Protection Directive, which is made for the purposes of Article 26(3) or (4) of the Directive, and (c) such other information as it may appear to him to be expedient to give to data controllers in relation to any personal data about the protection of the rights and freedoms of data subjects in relation to the processing of personal data in countries and territories outside the European Economic Area. (7) The Commissioner may, with the consent of the data controller, assess any processing of personal data for the following of good practice and shall inform the data controller of the results of the assessment. (8) The Commissioner may charge such sums as he may F4... determine for any [F5 relevant] services provided by the Commissioner by virtue of this Part. [F6(8A) In subsection (8) “relevant services” means— (a) the provision to the same person of more than one copy of any published material where each of the copies of the material is either provided on paper, a portable disk which stores the material electronically or a similar medium, (b) the provision of training, or (c) the provision of conferences. (8B)The Secretary of State may by order amend subsection (8A).] (9) In this section— “good practice” means such practice in the processing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, and includes (but is not limited to) compliance with the requirements of this Act; “trade association” includes any body representing data controllers. 52. Reports and codes of practice to be laid before Parliament (1) The Commissioner shall lay annually before each House of Parliament a general report on the exercise of his functions under this Act. (2) The Commissioner may from time to time lay before each House of Parliament such other reports with respect to those functions as he thinks fit. (3) The Commissioner shall lay before each House of Parliament any code of practice prepared under section 51(3) for complying with a direction of the [F1 Secretary of State] , unless the code is included in any report laid under subsection (1) or (2). Schedule 5 - The Data Protection Commissioner 1 (1) The corporation sole by the name of the Data Protection Registrar established by the M1Data Protection Act 1984 shall continue in existence by the name of the [F2Information Commissioner]. (2) The Commissioner and his officers and staff are not to be regarded as servants or agents of the Crown. 2 (1) Subject to the provisions of this paragraph, the Commissioner shall hold office for such term not exceeding [F4seven years] as may be determined at the time of his appointment. (2) The Commissioner may be relieved of his office by Her Majesty at his own request. (3) The Commissioner may be removed from office by Her Majesty in pursuance of an Address from both Houses of Parliament. |