Module 11 - Supervision and Enforcement Flashcards
1
Q
What is the role of a data protection authority?
A
- Promote and enforce GDPR.
- Promote awareness.
- Conduct investigations.
- Protect human rights.
2
Q
What three categories of power do DPAs have?
A
- Advisory.
- Investigatory.
- Corrective.
MS may also grant additional (local) powers to their DPAs.
3
Q
Which DPA is competent to regulate a controller or processor?
A
- Single establishment: DPA in MS of establishment.
- Multiple establishments: DPA in place of MAIN establishment as LEAD DPA, UNLESS decisions affect DS elsewhere, in which case a CONCERNED DPA may become the LEAD DPA.
4
Q
What four governance mechanisms regulate collective DPA interactions?
A
- Cooperation (e.g. amongst lead and concerned DPAs).
- Mutual assistance.
- Joint operations.
- Consistency mechanisms (e.g. EC/EDPB promoting consistent application of GDPR).
5
Q
Who staffs the European Data Protection Board?
A
- Chair.
- 1 representative from the EC.
- 1 representative from each EU MS DPA.
- 1 non-voting representative from each EEA MS.
Note: the EDPB is, hence, independent of all MS.
6
Q
What are the EDPB’s key functions?
A
- Ensuring consistent application of GDPR.
- Issuing guidance.
- Resolving disputes amongst DPAs.
7
Q
What is the role of the European Data Protection Supervisor?
A
- Supervision and enforcement of GDPR against EU institutions.
- Secretariat of EDPB.
8
Q
What sanctions apply for contravention of GDPR?
A
- Greater of EUR 20MM or 4% worldwide turnover for breaches of DS rights, transfer obligations, processing principles, DPA orders or MS law.
- Greater of EUR 10MM or 2% worldwide turnover for other breaches.