Skip to toolbar

Powers and Sanctions

You are here:
Estimated reading time: 1 min

Article 58

Article 58 specifies the powers of the supervisory authority:


Investigative Powers:
  • Require controllers to provide information.
  • Undertake data protection audits.
  • Review certifications (see Article 42).
  • Notify controllers/processors of infringements.
  • Obtain access to personal data from the controllers/processors in order for the supervisory authority to perform required tasks.
  • To gain access to the premises of the controllers/processors.
Corrective Powers:
  • Issues warning or reprimands.
  • Order controllers/processors to:

    > Comply with data subjects rights
    > Bring processes into compliance
    > Communicate personal data breach to the data subject
    > Rectify or erase personal data
    > Suspend data flows to a recipient in a third country or to an international organisation

  • To impose a temporary or definitive limitation including a ban on processing
  • Withdrawing certification.
  • Impose fines.
  • To gain access to the premises of the controllers/processors.

Article 83

Infringement of provisions could result in a fine of 10 millions Euros or 2% of global turnover in the previous financial year whichever is the greater. Depending on the provisions infringed this could raise to 20 million Euros and 4%.




Be prepared for 25 May 2018.

Was this article helpful?
Dislike 0
Views: 15


Not recently active