- The Commissioner must—
- monitor and enforce Parts 3 and 4 of this Act;
- promote public awareness and understanding of the risks, rules, safeguards and rights in relation to the processing of personal data to which those Parts apply;
- advise Parliament, the government and other institutions and bodies on legislative and administrative measures relating to the protection of individuals’ rights and freedoms with regard to the processing of personal data to which those Parts apply;
- promote the awareness of controllers and processors of their obligations under Parts 3 and 4 of this Act;
- on request, provide information to a data subject concerning the exercise of the data subject’s rights under Parts 3 and 4 of this Act and, if appropriate, co-operate with LED supervisory authorities and foreign designated authorities to provide such information;
- co-operate with LED supervisory authorities and foreign designated authorities with a view to ensuring the consistency of application and enforcement of the Law Enforcement Directive and the Data Protection Convention, including by sharing information and providing mutual assistance;
- conduct investigations on the application of Parts 3 and 4 of this Act, including on the basis of information received from an LED supervisory authority, a foreign designated authority or another public authority;
- monitor relevant developments to the extent that they have an impact on the protection of personal data, including the development of information and communication technologies;
- contribute to the activities of the European Data Protection Board established by the GDPR in connection with the processing of personal data to which the Law Enforcement Directive applies.
- Section 3(14)(c) does not apply to the reference to personal data in subparagraph (1)(h).
The Commissioner has the following investigative, corrective, authorisation and advisory powers in relation to the processing of personal data to which Part 3 or 4 of this Act applies—
- to notify the controller or the processor of an alleged infringement of Part 3 or 4 of this Act;
- to issue warnings to a controller or processor that intended processing operations are likely to infringe provisions of Part 3 or 4 of this Act;
- to issue reprimands to a controller or processor where processing operations have infringed provisions of Part 3 or 4 of this Act;
- to issue, on the Commissioner’s own initiative or on request, opinions to Parliament, the government or other institutions and bodies as well as to the public on any issue related to the protection of personal data.
In this Schedule—
“foreign designated authority” means an authority designated for the purposes of Article 13 of the Data Protection Convention by a party, other than the United Kingdom, which is bound by that Convention;
“LED supervisory authority” means a supervisory authority for the purposes of Article 41 of the Law Enforcement Directive in a Member State other than the United Kingdom.