OneTrust GDPR Deep Dive Series Chapter 6: Independent Supervisory Authorities
Chapter 6 outlines the Member States’ requirements in the creation, powers, and obligations of independent supervisory data protection authorities (DPA).
Member States must appoint one or more DPAs to implement the GDPR and protect the fundamental rights of individuals.
The data protection authorities must ensure uniform application of the Regulation across the European Union. In principle, this ensures that organisations operating across Member State jurisdictions would not face difficulties with differing interpretations of the law.
Finally, this chapter broadly outlines the duties of the DPA, which include, but not limited to: monitoring and enforcement, promoting public awareness, informing controllers and processors of obligations under the Regulation, approve binding corporate rules, and conducting investigations on behalf of data subjects.
Compared to the Data Protection Directive, the powers and responsibilities of the DPA remain relatively unchanged. The main difference is the development of a consistency mechanism allowing for uniformity across Member State jurisdictions.
Chapter 6 Sections, Articles & Descriptions
Section 1 –– Independent status
Article 51: Supervisory authority
Article 52: Independence
Article 53: General conditions for the members of the supervisory authority
Article 54: Rules on the establishment of the supervisory authority
Section 2 –– Competence, tasks and powers
Article 55: Competence
Article 56: Competence of the lead supervisory authority
Article 57: Tasks
Article 58: Powers
Article 59: Activity reports