Article 58 of the GDPR: Powers of supervisory authorities

Article 58 of the GDPR describes in detail the powers of investigation, correction, authorization and advice available to the supervisory authorities. These powers are essential to guarantee the effectiveness of the regulation and ensure the protection of people's rights.

Article 58 of the GDPR explained

Supervisory authorities can exercise four main categories of powers:

Investigative powers : access the premises, question staff, request any useful documents;
Corrective powers : issue warnings, order compliance, limit or prohibit processing, impose fines;
Authorizing powers : validate certain specific processing operations, approve codes of conduct, approve binding corporate rules;
Advisory powers : issue opinions to public or private institutions.

These powers are exercised with respect for the right to an effective and contradictory remedy.

Why is this article important for your GDPR compliance?

Article 58 defines the intervention framework of your supervisory authority. Knowing it helps you anticipate a check, respond to a request or adapt your behavior in the event of a sanction.

How to comply with Article 58 of the GDPR?

Prepare to justify your processing in the event of an inspection (register, legal basis, security measures);
Respect the decisions or corrective measures imposed by the authority;
Cooperate fully during audits or investigations;
Consult the authority if you are planning a risky or innovative treatment.

Examples of application of Article 58 of the GDPR

A company receives a warning following excessive data collection;
The CNIL orders the suspension of facial recognition treatment in a public place;
Authority approves sectoral code of conduct on HR data management;
An opinion is delivered on a legislative reform concerning health data.