Article 57 GDPR (Supervisory Authority Tasks)

Article 57 of GDPR: Supervisory authority tasks

Article 57 of GDPR provides a detailed outline of the various tasks of the supervisory authority within its territory.

Tasks of the supervisory authority (Article 57(1) GDPR)

GDPR provides specific details as to the tasks expected to be performed by the supervisory authority of each EU member state.

Such tasks are:

  1. To monitor and enforce the GDPR obligations (Article 57(1)(a) GDPR)
  2. To create public awareness about data protection (Article 57(1)(b) GDPR)
  3. Advise governments about data protection rights and obligations (Article 57(1)(c) GDPR)
  4. To create awareness with data controllers and processors of their obligation (Article 57(1)(d) GDPR)
  5. Provide relevant information to data subjects about data protection (Article 57(1)(e) GDPR)
  6. Investigate and handle complaints related to data protection and processing (Article 57(1)(f) GDPR)
  7. Collaborate with other supervisory authorities to ensure consistency of GDPR application (Article 57(1)(g) GDPR)
  8. Conduct necessary investigations as requested by other supervisory authorities or public authority (Article 57(1)(h) GDPR)
  9. Monitor the latest development in technology and commercial practices related to data processing (Article 57(1)(i) GDPR)
  10. Adopt standard contractual clauses as required by GDPR (Article 57(1)(j) GDPR)
  11. Maintain a list of the data protection impact assessment requirements (Article 57(1)(k) GDPR)
  12. Provide advice on data processing operations (Article 57(1)(l) GDPR)
  13. Provide opinions and approve codes of conduct (Article 57(1)(m) GDPR)
  14. Approve certification criteria (Article 57(1)(n) GDPR)
  15. Review certifications from time to time (Article 57(1)(o) GDPR)
  16. Determine and publish the accreditation criteria (Article 57(1)(p) GDPR)
  17. Handle the accreditation of bodies monitoring the codes of conduct (Article 57(1)(q) GDPR)
  18. Authorize contractual clauses (Article 57(1)(r) GDPR)
  19. Approve binding corporate rules (Article 57(1)(s) GDPR)
  20. Support the activities of the European Data Protection Board (Article 57(1)(t) GDPR)
  21. Keep records if GDPR infringement and measures taken (Article 57(1)(u) GDPR)
  22. Handle any other tasks related to its mission (Article 57(1)(v) GDPR)

Complaint submission facilitation (Article 57(2) GDPR)

Every supervisory authority should make sure that they facilitate the manner complaints are submitted to them relating to data protection.

Complaints can be submitted either electronically or through other means.

Tasks handled free of charge (Article 57(3) GDPR)

The supervisory authority should handle its tasks free of charge to the data subjects and the data protection officers.

Fees charged for abusive cases (Article 57(4) GDPR)

When the supervisory authority receives abusive requests, excessive ones or unfounded requests, it has the right to charge a reasonable fee based on its administration costs or even refuse to act.

Recitals applicable to Article 57 of GDPR

Relevant Recitals: 122, 123, 132, 133, 137

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 57 or relevant recitals


GDPR Text: Article 57 of GDPR and Relevant Recitals

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)