FantasticSearch

1. The European Data Protection Supervisor shall have the following investigative powers:

(a) to order the controller and the processor to provide any information it requires for the performance of his or her tasks;

(b) to carry out investigations in the form of data protection audits;

(c) to notify the controller or the processor of an alleged infringement of this Regulation;

(d) to obtain, from the controller and the processor, access to all personal data and to all information necessary for the performance of his or her tasks;

(e) to obtain access to any premises of the controller and the processor, including to any data processing equipment and means, in accordance with Union law.

2. The European Data Protection Supervisor shall have the following corrective powers:

(a) to issue warnings to a controller or processor that intended processing operations are likely to infringe provisions of this Regulation;

(b) to issue reprimands to a controller or a processor where processing operations have infringed provisions of this Regulation;

(c) to refer matters to the controller or processor concerned and, if necessary, to the European Parliament, the Council and the Commission;

(d) to order the controller or the processor to comply with the data subject’s requests to exercise his or her rights pursuant to this Regulation;

(e) to order the controller or processor to bring processing operations into compliance with the provisions of this Regulation, where appropriate, in a specified manner and within a specified period;

(f) to order the controller to communicate a personal data breach to the data subject;

(g) to impose a temporary or definitive limitation including a ban on processing;

(h) to order the rectification or erasure of personal data or restriction of processing pursuant to Articles 18, 19 and 20 and the notification of such actions to recipients to whom the personal data have been disclosed pursuant to Article 19(2) and Article 21;

(i) to impose an administrative fine pursuant to Article 66 in the case of non-compliance by a Union institution or body with one of the measures referred to in points (d) to (h) and (j) of this paragraph, depending on the circumstances of each individual case;

(j) to order the suspension of data flows to a recipient in a Member State, a third country or to an international organisation.

3. The European Data Protection Supervisor shall have the following authorisation and advisory powers:

(a) to advise data subjects in the exercise of their rights;

(b) to advise the controller in accordance with the prior consultation procedure referred to in Article 40, and in accordance with Article 41(2);

(c) to issue, on his or her own initiative or on request, opinions to Union institutions and bodies and to the public on any issue related to the protection of personal data;

(d) to adopt standard data protection clauses referred to in Article 29(8) and in point (c) of Article 48(2);

(e) to authorise contractual clauses referred to in point (a) of Article 48(3);

(f) to authorise administrative arrangements referred to in point (b) of Article 48(3);

(g) to authorise processing operations pursuant to implementing acts adopted under Article 40(4).

4. The European Data Protection Supervisor shall have the power to refer the matter to the Court of Justice under the conditions provided for in the Treaties and to intervene in actions brought before the Court of Justice.

5. The exercise of the powers conferred on the European Data Protection Supervisor pursuant to this Article shall be subject to appropriate safeguards, including effective judicial remedies and due process, set out in Union law.