Tasks
Without prejudice to other duties established under this Regulation, each supervisory authority shall perform the following duties within its territory:
it monitors and enforces the application of this regulation;
it shall promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing. Particular attention shall be paid to activities aimed specifically at children;
it shall, in accordance with the law of the Member State, advise the national parliament, the government, and other institutions and bodies on legislative initiatives and administrative measures relating to the protection of the rights and freedoms of natural persons with regard to processing;
it makes controllers and processors more aware of their obligations under this Regulation;
it shall provide information to any data subject on request concerning the exercise of his rights under this Regulation and, where appropriate, cooperate with the supervisory authorities in other Member States to this end;
it shall address complaints from data subjects, or bodies, organizations or associations in accordance with Article 80, investigate the substance of the complaint to the extent appropriate, and inform the complainant of the progress and outcome of the investigation within a reasonable time, in particular if further investigation or coordination with another supervisory authority is necessary;
it shall cooperate with other supervisory authorities, including by sharing information and providing mutual assistance, to ensure consistency in the application and enforcement of this Regulation;
it conducts investigations into the application of this Regulation, including on the basis of information received from another supervisory authority or another public body;
it monitors relevant developments insofar as they have an impact on the protection of personal data, in particular developments in information and communication technologies and commercial practices;
it shall adopt the standard contractual clauses referred to in Articles 28(8) and 46(2)(d);
it shall establish and maintain a list in relation to the data protection impact assessment requirement pursuant to Article 35(4);
it shall provide advice on the processing activities referred to in Article 36(2);
it shall promote the establishment of codes of conduct under Article 40(1), give advice and approve, in accordance with Article 40(5), codes of conduct that provide adequate safeguards;
it shall promote the establishment of data protection certification mechanisms and data protection seals and marks in accordance with Article 42(1) and shall adopt the criteria for certification under Article 42(5);
where applicable, conduct a periodic review of certifications issued in accordance with Article 42.7;
it shall establish and publish the criteria for the accreditation of a code of conduct monitoring body under Article 41 and of a certification body under Article 43;
it shall ensure the accreditation of a code of conduct monitoring body under Article 41 and of a certification body under Article 43;
it authorizes the contractual and other provisions referred to in Article 46(3);
it adopts binding operating rules in accordance with Article 47;
It contributes to the activities of the Committee;
it shall keep internal records of violations of this regulation and of measures taken pursuant to Article 58(2); and
it performs all other tasks related to the protection of personal data.
Each supervisory authority shall facilitate the filing of complaints referred to in paragraph 1(f) by taking measures such as providing a complaint form that can also be completed electronically, without excluding other means of communication.
Each supervisory authority shall perform its duties free of charge for the data subject and, where applicable, for the data protection officer.
Where requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the supervisory authority may charge a reasonable fee based on administrative costs, or refuse to comply with the request. It is up to the supervisory authority to demonstrate the manifestly unfounded or excessive nature of the request.
