„Our employees are doing perfectly well; they do not need training."
Are you sure about that?
Article 57 GDPR
Tasks
1. Without prejudice to other tasks defined under this Regulation, each supervisory authority in its territory:
P: 98
(b) disseminate to the public knowledge and understanding of the risks, regulations, safeguards and rights associated with processing. Particular attention shall be paid to activities aimed at children;
P: 98
(c) advise, in accordance with the law of the Member State, the national parliament, the government and other institutions and bodies on legal and administrative measures to protect the rights and freedoms of natural persons in relation to processing;
P: 98
(d) disseminate to administrators and processors knowledge of their obligations under this Regulation;
(e) provide the data subject, at his request, with information on the exercise of his rights under this Regulation and, where appropriate, cooperate with the supervisory authorities of other Member States for this purpose;
(f) handle complaints lodged by a data subject or by an entity, organization, or association in accordance with Article 80, conducts proceedings regarding such complaints to the extent necessary and informs the complainant within a reasonable time of the progress and results of such proceedings, in particular if further proceedings are necessary or coordination with another supervisory authority is required;
(g) cooperate with other supervisory authorities, including by sharing information and providing mutual assistance, in order to ensure the consistent application and enforcement of this Regulation;
(h) conduct proceedings on the application of this Regulation, including on the basis of information received from another supervisory authority or other public authority;
(i) monitor changes in relevant areas where those changes affect the protection of personal data, in particular monitoring the development of information and communication technologies and commercial practices;
(k) establishes and maintains a register in connection with the requirement to conduct a data protection impact assessment pursuant to Article 35(4);
(l) issues the recommendations referred to in Article 36(2) concerning processing operations;
(o) where applicable, conduct periodic reviews of the certifications granted in accordance with Article 42(7);
(r) issues approvals for contractual clauses and provisions referred to in Article 46(3);
(s) approves binding corporate rules pursuant to Article 47;
(t) participate in the work of the European Data Protection Board;
(u) maintains an internal record of infringements of this Regulation and of the measures taken in accordance with Article 58(2); and
(v) perform other tasks related to the protection of personal data.
2. Each supervisory authority shall facilitate the filing of complaints referred to in paragraph (1)(f) by such means as a ready-made complaint form, which can also be filled out electronically, which does not exclude other means of communication.
3. Each supervisory authority performs tasks for the benefit of the data subject and, when applicable, the data protection officer free of charge.
4. If the request is manifestly unreasonable or excessive, particularly due to its repetitive nature, the supervisory authority may charge a reasonable fee based on administrative costs or may refuse to take the requested action. The burden is on the supervisory authority to demonstrate that the request is manifestly unreasonable or excessive.
*Article 57 (1) (p) as amended by correction of 23 May 2018 (EU Decree L, 2018, No 127, paragraph 2) which shall enter into force on 23 May 2018.
