Seminar 20 - Enforcement Flashcards
Relevant provisions?
● Art. 8(3) Charter ● TFEU Art. 16(2) ● GDPR art. 51 ● GDPR art. 52 ● GDPR art. 56 ● GDPR art. 4(16) ● GDPR art. 4(22)
What is the enforcement?
Enforcement of the rules are fundamental to ensure compliance.
What is Supervisory authorities? And where is that found in the GDPR?
GDPR art. 51: Each Member State shall provide for one or more independent public authorities to be responsible for monitoring the application of this Regulation
What tasks do an SA have?
■ E.g. (a) monitor and enforce the application of this Regulation, (c) advise the national parliament, the government, and other institutions, (f) handle complaints lodged by a data subject, (j) adopt standard contractual clauses referred to in art. 46(2)(d) and (s) approve binding corporate rules pursuant to art. 47.
What are the powers of SA?
Each SA must have investigative, corrective and advisory powers.
What is important in cross-border processing?
In “cross-border” cases, it is necessary to identify a lead supervisory authority.
How is the lead supervisory authority determined?
Where the main establishment is.
What are the EDPB’s 3 tasks?
● 1) Consistency: The EDPB can issue legally binding decisions.
● 2) Consultation: EDPB tasks include advising the Commission on any issue related to protecting personal data in the Union
● 3) Guidance: The Board also issues guidelines, recommendations and best practice to encourage the consistent application of the regulation
What important case relates to enforcement? Especially cooperation between SA’s?
● Wirtschaftsakademie: (the importance of the cooperation between supervisory authorities - Facebook Germany was inextricably linked to Facebook Inc - thus, the German Supervisory Authority was competent)
Is Identifying a lead supervisory authority only relevant with a cross-border element?
Yes.
When Is the controller or processor carrying out the cross-border processing of personal data?
the controller or processor is established in more than one Member State and
the processing of personal data takes place in the context of the activities of establishments in more than one Member State.
What is a Lead Supervisory Authority?
A ‘lead supervisory authority’ is the authority with the primary responsibility for dealing with a cross-border data processing activity.
What does “main establishment” contain?
The place of its central administration in the Union for both processors and controllers.
What’s important regarding Joint data controllers main establishment?
The controllers should determine which establishment of them that will have the power to implement decisions about the processing with respect to all joint controllers.
What if companies are not established within the EU?
If the company does not have an establishment in the EU, the mere presence of a representative in a Member State does not trigger the one-stop-shop system. This means that controllers without any establishment in the EU must deal with local supervisory authorities in every Member State they are active in, through their local representative.
