Article 58 GDPR
Powers

1. Each supervisory authority shall have all of the following powers with respect to ongoing investigations:

(a) order the controller and the processor, and, where appropriate, the representative of the controller or processor, to provide the supervisory authority with any information necessary to carry out its tasks;

(b) conduct procedures in the form of data protection audits;

(c) reviewing certifications granted pursuant to Article 42(7);

(d) notify the controller or processor of a suspicion of an infringement of this Regulation;

(e) obtain from the controller and the processor access to any personal data and any information necessary for the supervisory authority to carry out its tasks;

(f) obtaining access to all premises of the controller and processor, including equipment and means of data processing, in accordance with procedures laid down in Union or Member State law.

2. Each supervisory authority shall have all of the following remedial powers:

(a) issuing warnings to the controller or processor about the possibility of infringement of this Regulation by means of planned processing operations;

(b) provide a reminder to the controller or processor in case of infringement of this Regulation by processing operations;

(c) order the controller or processor to comply with the request of the data subject resulting from his rights under this Regulation;

(d) order the controller or processor to adapt the processing operations to the provisions of this Regulation and, where appropriate, specify the method and time limit;

(e) order the controller to notify the data subject of a data protection breach;

(f) the imposition of a temporary or total restriction on processing, including a prohibition on processing;

(g) ordering, pursuant to Articles 16, 17, and 18, the rectification or erasure of personal data or the restriction of their processing, and ordering, pursuant to Article 17(2) and Article 19, that recipients to whom the personal data have been disclosed be notified of such actions;

(h) revoking a certification or ordering the certifying body to revoke a certification granted under Article 42 or 43, or ordering the certifying body not to grant certification if the requirements for certification are not met or have ceased to be met;

(i) the imposition, in addition to or in lieu of the measures referred to in this paragraph, of an administrative fine pursuant to Article 83, depending on the circumstances of the specific case;

(j) ordering a suspension of the flow of data to a recipient in a third country or to an international organisation.

3. Each supervisory authority shall have all of the following licensing and advisory powers:

(a) providing advice to the administrator in accordance with the prior consultation procedure referred to in Article 36;

(b) issue, on its own initiative or at its request, opinions to the national parliament, the government of a Member State or, in accordance with the law of a Member State, other institutions and bodies and the general public on any matter relating to the protection of personal data;

(c) authorizing processing in accordance with Article 36(5), if the law of a Member State requires such prior authorization;

(d) reviewing and approving draft codes of conduct in accordance with Article 40(5);

(e) accrediting certification bodies pursuant to Article 43;

(f) granting certification and approving certification criteria in accordance with Article 42(5);

(g) adopting the standard data protection clauses referred to in Article 28(8) and Article 46(2)(d);

(h) authorizing the contractual clauses referred to in Article 46(3)(a);

(i) authorizing the administrative arrangements referred to in Article 46(3)(b);

(j) approving binding corporate rules pursuant to Article 47.

4. The exercise of the powers entrusted to the supervisory authority under this Article shall be subject to appropriate safeguards - including the right to an effective remedy before a court and to a fair trial, as set forth in Union and Member State law in accordance with the Charter of Fundamental Rights.

5. Each Member State shall provide in its laws that its supervisory authority shall have the power to bring a case of violation of this Regulation before the judicial authorities and, where appropriate, to initiate or otherwise participate in legal proceedings to enforce the provisions of this Regulation.

6. Each Member State may provide in its legislation that its supervisory authority shall have other powers in addition to those specified in paragraphs 1, 2 and 3. The exercise of these powers shall not impede the effective application of the provisions of Chapter VII.