Powers of the Commissioner

Article 31 of the Applied GDPR requires controllers and processors (and representative if applicable) to cooperate with the supervisory authority (the Information Commissioner) in the performance of its tasks.  The tasks of the Information Commissioner are set out in Article 57 of the Applied GDPR and include:

The powers given to the Commissioner to fulfil the tasks are set out in Article 58 of the Applied GDPR.  These powers are divided into "investigative powers" and "corrective powers" and are subject to the safeguards prescribed in regulation 77 of the Implementing Regulations.  These functions are subject to safeguards set out in Regulation 77 of the Implementing Regulations.

The powers are not mutually exclusive and more than one may be exercised at any time or in succession.

Investigative powers

Corrective powers

Appeals against the exercise of investigative and corrective powers can be made in some circumstances to the Data Protection Tribunal.