Rights of the executive bodies of individual EU states

Shishirgano9 · Post by **Shishirgano9** » Tue Feb 11, 2025 9:19 am

The degree of responsibility of the controller or processor, taking into account the technical and organisational measures implemented by them pursuant to Articles 25 and 32 ;
any relevant previous infringements by the controller or processor;
extent of cooperation with the supervisory authority to remedy the infringement and mitigate its possible adverse effects;
categories of personal data affected by the breach;
How the infringement came to the knowledge of the supervisory architect database authority, in particular whether and, if so, to what extent the controller or processor communicated the infringement;
compliance with the measures previously ordered pursuant to Article 58 (2) against the controller or processor concerned in respect of the same subject matter, where such measures have been ordered;
Compliance with approved codes of conduct pursuant to Article 40 or approved certification procedures pursuant to Article 42 and
any other aggravating or mitigating circumstances in the specific case, such as financial advantages gained or losses avoided, directly or indirectly, as a result of the infringement.
In deciding on the imposition of a fine and on its amount, due account shall be taken in each individual case of the powers and circumstances.

They are subject to the regulations set out in Article 58, paragraph 2 .
Circumstances for consideration and penalty.
These are described in the subheadings in paragraph 2, numbers a to j.
Loosely formulated, it states:
Each supervisory authority has all of the following remedial powers,
which legally allow it to do the following:
to warn that there is a risk of violating the regulation
to warn if the regulation has been violated
to instruct to comply with the rights of persons
to bring processing operations into line with the GDPR
to notify in case of a data breach
to impose temporary or permanent bans
rectification or erasure or restriction of processing
to revoke a certification or not to grant a certification

Impose a fine in accordance with Article 83 , in addition to or instead of the measures referred to in this paragraph, depending on the circumstances of the case
to order the suspension of the transmission of data
Article 83 (4) and (5) of the GDPR sets out the general framework of fines for various infringements of the regulation.