FantasticSearch

1. The independent supervisory authorities referred to in Article 51 of Regulation (EU) 2016/679 shall carry out an audit of processing operations of API data constituting personal data performed by the competent border authorities for the purposes of this Regulation at least once every four years. Member States shall ensure that their independent supervisory authorities have sufficient resources and expertise to fulfil the tasks entrusted to them under this Regulation.

2. The European Data Protection Supervisor shall carry out an audit of processing operations of API data constituting personal data performed by eu-LISA for the purposes of this Regulation, in accordance with relevant international auditing standards at least once every year. A report of that audit shall be sent to the European Parliament, to the Council, to the Commission, to the Member States and to eu-LISA. eu-LISA shall be given an opportunity to make comments before the reports are adopted.

3. In relation to the processing operations referred to in paragraph 2 of this Article, upon request, eu-LISA shall supply information requested by the European Data Protection Supervisor, shall grant the European Data Protection Supervisor access to all the documents it requests and to the logs referred to in Article 17(2), and shall allow the European Data Protection Supervisor access to all eu-LISA’s premises at any time.