Functions

Control and guarantee the application of the General Data Protection Regulation (GDPR).

Promote people's awareness and understanding of the risks, rules, guarantees and rights related to the processing of personal data. Activities aimed specifically at children must be the subject to special attention.

Advise, in accordance with the law of the member states, the national parliament, the government and other institutions and bodies, on the legislative and administrative measures relating to the protection of the rights and freedoms of natural persons with regard to data processing.

Promote the awareness of data processors and data controllers on the obligations that correspond to them under the GDPR.

Upon request, provide information to any data subject about the exercise of their rights, pursuant to the provisions of this Regulation and, where appropriate, cooperate with the control authorities of other member states for this purpose.

Process claims submitted by a data subject or by an agency, organisation or association. Likewise, investigate the reason for the claim and inform the person making the claim about the course and outcome of the investigation within a reasonable time, in particular if a new investigation or closer coordination with another control authority is required.

Cooperate with other control authorities, in particular by sharing information, and provide mutual assistance in order to ensure consistency in the application and execution of the GDPR.

Conduct investigations into the application of the GDPR, in particular in accordance with information received from another control authority or another public authority.

Monitor relevant changes that have an impact on personal data protection, in particular those related to the development of information and communication technologies and commercial practices.

Adopt standard contractual clauses linked to processing assignments and international data transfers.

Prepare and maintain a list of processing types that require an impact assessment related to data protection.

Offer advisement in the previous consultations relating to data protection impact assessments.

Encourage the development of codes of conduct, ruling on and approving them, to facilitate the application of data protection in specific sectors.

Encourage the creation of mechanisms, and seals and brands, to demonstrate compliance with data protection regulations, and approve the certification criteria. This includes conducting, where appropriate, a periodic review of the issued certifications.

Elaborate and publish the criteria to accredit the supervisory bodies on codes of conduct, and of the certification bodies.

Accredit the supervisory bodies on the codes of conduct and the certification bodies.

Authorise contractual clauses and provisions relating to international data transfers.

Approve binding corporate rules, relating to international data transfers.

Contribute to the activities of the European Data Protection Board.

Keep internal records of GDPR violations and the measures that have been taken.

Conduct any other function related to the protection of personal data.