Article 31
Cooperation with the supervisory authority

Official
Texts
Guidelines
& Caselaw
Review of
EU Regulation
Review of
Nat. Regulation
Show the recitals of the Regulation related to article 31 keyboard_arrow_down Hide the recitals of the Regulation related to article 31 keyboard_arrow_up

(120) Each supervisory authority should be provided with the financial and human resources, premises and infrastructure necessary for the effective performance of their tasks, including those related to mutual assistance and cooperation with other supervisory authorities throughout the Union. Each supervisory authority should have a separate, public annual budget, which may be part of the overall state or national budget.

There is no recital in the Directive related to article 31.

The GDPR

Article 31 of the Regulation sets specific obligations to the controllers and the processors - as well as to their representative, as appropriate, to cooperate at the request of the supervisory authorities, in the performance of their tasks.

This obligation is obvious. Being contained in the first version of the text, it then disappeared to return in the last version. Doubtless, a sign among many others, of a strong political will to strengthen the powers of the supervisory authorities.

The Directive

Neither the Directive, nor most national laws contained a corresponding provision.

Potential issues

We do not see a priori any specific implementation difficulties.

Regulation
1e 2e

Art. 31

The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of its tasks.

1st proposal close

No specific provision

2nd proposal close

No specific provision

Directive close

No specific provision

No specific provision.

 

Poland close

In force until May 25, 2018:

The Act on Personal Data Protection

Art. 54a

Preventing or hindering the performance of inspection activities by the inspector shall be subject to fine or imprisonment up to 2 years.

Art. 15

1. The head of the unit and any natural person acting as a controller of personal data subject to the inspection are obliged to enable the inspector to perform the inspection functions, and in particular to perform the activities and meet the requirements referred to in Article 14 point 1 to 4.

[…]

Art. 14

In order to carry out the tasks referred to in Article 12 point 1 and 2, the Inspector General, the Deputy Inspector General or employees of the Bureau, hereinafter referred to as “the inspectors”, authorized by him/her shall be empowered, in particular to:

1) enter, from 6 a.m. to 10 p.m., upon presentation of a document of personal authorization and service identity card, any premises where the data filing systems are being kept and premises where data are processed outside from the data filing system, and to perform necessary examination or other inspection activities to assess the compliance of the data processing activities with the Act,

2) demand written or oral explanations, and to summon and question any person within the scope necessary to determine the facts of the case,

3) consult any documents and data directly related to the subject of the inspection, and to make a copy of these documents,

4) perform inspection of any devices, data carriers, and computer systems used for data processing,

[…]

close