Člen 57 📖 SUVP (GDPR). Naloge

Člen 57 SUVP (GDPR). Naloge

Article 57 GDPR. Tasks

1. Brez poseganja v druge naloge, določene v tej uredbi, vsak nadzorni organ na svojem ozemlju:

1. Without prejudice to other tasks set out under this Regulation, each supervisory authority shall on its territory:

(a) spremlja in zagotavlja uporabo te uredbe;

(a) monitor and enforce the application of this Regulation;

(b) spodbuja ozaveščenost in razumevanje javnosti o tveganjih, pravilih, zaščitnih ukrepih in pravicah v zvezi z obdelavo. Posebna pozornost se posveti dejavnostim, ki so namenjene izrecno otrokom;

(b) promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing. Activities addressed specifically to children shall receive specific attention;

(c) v skladu s pravom države članice svetuje nacionalnemu parlamentu, vladi ter drugim institucijam in organom o zakonodajnih in upravnih ukrepih v zvezi z varstvom pravic in svoboščin posameznikov pri obdelavi;

(c) advise, in accordance with Member State law, the national parliament, the government, and other institutions and bodies on legislative and administrative measures relating to the protection of natural persons’ rights and freedoms with regard to processing;

(d) spodbuja ozaveščenost upravljavcev in obdelovalcev glede njihovih obveznosti na podlagi te uredbe;

(d) promote the awareness of controllers and processors of their obligations under this Regulation;

(e) vsakemu posamezniku, na katerega se nanašajo osebni podatki, na zahtevo zagotovi informacije o uresničevanju njegovih pravic na podlagi te uredbe in v ta namen, če je ustrezno, sodeluje z nadzornimi organi v drugih državah članicah;

(e) upon request, provide information to any data subject concerning the exercise of their rights under this Regulation and, if appropriate, cooperate with the supervisory authorities in other Member States to that end;

(f) obravnava pritožbe, ki jih vloži posameznik, na katerega se nanašajo osebni podatki, oziroma v skladu s členom 80 telo, organizacija ali združenje, v ustreznem obsegu preuči vsebino pritožbe in v razumnem roku obvesti pritožnika o poteku in rezultatu preiskave, zlasti če je potrebna nadaljnja preiskava ali usklajevanje z drugim nadzornim organom;

(f) handle complaints lodged by a data subject, or by a body, organisation or association in accordance with Article 80, and investigate, to the extent appropriate, the subject matter of the complaint and inform the complainant of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another supervisory authority is necessary;

Povezana besedila

Člen 80 SUVP (GDPR). Zastopanje posameznikov, na katere se nanašajo osebni podatki

Article 80 GDPR. Representation of data subjects

(g) sodeluje z drugimi nadzornimi organi, med drugim z izmenjavo informacij, in jim zagotavlja medsebojno pomoč, da se zagotovi doslednost pri uporabi in izvajanju te uredbe;

(g) cooperate with, including sharing information and provide mutual assistance to, other supervisory authorities with a view to ensuring the consistency of application and enforcement of this Regulation;

(h) izvaja preiskave o uporabi te uredbe, tudi na podlagi informacij, ki jih prejme od drugega nadzornega organa ali drugega javnega organa;

(h) conduct investigations on the application of this Regulation, including on the basis of information received from another supervisory authority or other public authority;

(i) spremlja razvoj na zadevnem področju, kolikor vpliva na varstvo osebnih podatkov, predvsem razvoj informacijskih in komunikacijskih tehnologij ter trgovinskih praks;

(i) monitor relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies and commercial practices;

(j) sprejema standardna pogodbena določila iz člena 28(8) in točke (d) člena 46(2);

(j) adopt standard contractual clauses referred to in Article 28(8) and in point (d) of Article 46(2);

Povezana besedila

Člen 28 SUVP (GDPR). Obdelovalec

Article 28 GDPR. Processor

[…]

8. Nadzorni organ lahko sprejme standardna pogodbena določila za zadeve iz odstavkov 3 in 4 tega člena ter v skladu z mehanizmom za skladnost iz člena 63.

8. A supervisory authority may adopt standard contractual clauses for the matters referred to in paragraph 3 and 4 of this Article and in accordance with the consistency mechanism referred to in Article 63.

[…]

Člen 46 SUVP (GDPR). Prenosi, za katere se uporabljajo ustrezni zaščitni ukrepi

Article 46 GDPR. Transfers subject to appropriate safeguards

[…]

2. Ustrezni zaščitni ukrepi iz odstavka 1 se lahko, ne da bi bilo potrebno posebno dovoljenje nadzornih organov, zagotovijo s:

2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:

(d) standardnimi določili o varstvu podatkov, ki jih sprejme nadzorni organ in odobri Komisija v skladu s postopkom pregleda iz člena 93(2);

(d) standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);

[…]

(k) vzpostavi in vzdržuje seznam v zvezi z zahtevo po oceni učinka v zvezi z varstvom podatkov v skladu s členom 35(4);

(k) establish and maintain a list in relation to the requirement for data protection impact assessment pursuant to Article 35(4);

Povezana besedila

Člen 35 SUVP (GDPR). Ocena učinka v zvezi z varstvom podatkov

Article 35 GDPR. Data protection impact assessment

[…]

4. Nadzorni organ določi in objavi seznam vrst dejanj obdelave, za katere velja zahteva po oceni učinka v zvezi z varstvom podatkov v skladu z odstavkom 1. Nadzorni organ te sezname posreduje odboru iz člena 68.

4. The supervisory authority shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment pursuant to paragraph 1. The supervisory authority shall communicate those lists to the Board referred to in Article 68.

[…]

(l) svetuje glede dejanj obdelave iz člena 36(2);

(l) give advice on the processing operations referred to in Article 36(2);

Povezana besedila

Člen 36 SUVP (GDPR). Predhodno posvetovanje

Article 36 GDPR. Prior consultation

[…]

2. Kadar nadzorni organ meni, da bi predvidena obdelava iz odstavka 1 kršila to uredbo, zlasti kadar upravljavec ni ustrezno opredelil ali ublažil tveganja, nadzorni organ v roku do osmih tednov po prejemu zahteve za posvetovanje pisno svetuje upravljavcu, kadar je ustrezno, pa tudi obdelovalcu, in lahko uporabi katero koli pooblastilo iz člena 58. To obdobje se lahko ob upoštevanju kompleksnosti predvidene obdelave podaljša za nadaljnjih šest tednov. Nadzorni organ o vsakem takem podaljšanju obvesti upravljavca in, kadar je potrebno, obdelovalca v enem mesecu od prejema zahteve za posvetovanje, skupaj z razlogi za zamudo. Ta rok se lahko začasno odloži, dokler nadzorni organ ne pridobi informacij, ki jih je zahteval za namene posvetovanja.

2. Where the supervisory authority is of the opinion that the intended processing referred to in paragraph 1 would infringe this Regulation, in particular where the controller has insufficiently identified or mitigated the risk, the supervisory authority shall, within period of up to eight weeks of receipt of the request for consultation, provide written advice to the controller and, where applicable to the processor, and may use any of its powers referred to in Article 58. That period may be extended by six weeks, taking into account the complexity of the intended processing. The supervisory authority shall inform the controller and, where applicable, the processor, of any such extension within one month of receipt of the request for consultation together with the reasons for the delay. Those periods may be suspended until the supervisory authority has obtained information it has requested for the purposes of the consultation.

[…]

(m) spodbuja pripravo kodeksov ravnanja v skladu s členom 40(1) ter poda mnenje in odobri take kodekse ravnanja, ki zagotavljajo zadostne zaščitne ukrepe, v skladu s členom 40(5);

(m) encourage the drawing up of codes of conduct pursuant to Article 40(1) and provide an opinion and approve such codes of conduct which provide sufficient safeguards, pursuant to Article 40(5);

Povezana besedila

Člen 40 SUVP (GDPR). Kodeksi ravnanja

Article 40 GDPR. Codes of conduct

1. Države članice, nadzorni organi, odbor in Komisija spodbujajo pripravljanje kodeksov ravnanja, katerih namen je prispevati k pravilni uporabi te uredbe, ob upoštevanju posebnih značilnosti različnih sektorjev za obdelavo ter posebnih potreb mikro, malih in srednjih podjetij.

1. The Member States, the supervisory authorities, the Board and the Commission shall encourage the drawing up of codes of conduct intended to contribute to the proper application of this Regulation, taking account of the specific features of the various processing sectors and the specific needs of micro, small and medium-sized enterprises.

[…]

5. Združenja in druga telesa iz odstavka 2 tega člena, ki nameravajo pripraviti kodeks ravnanja oziroma spremeniti ali razširiti veljaven kodeks, predložijo osnutek kodeksa, spremembo ali razširitev nadzornemu organu, pristojnemu v skladu s členom 55. Nadzorni organ poda mnenje, ali je osnutek kodeksa, sprememba ali razširitev skladna s to uredbo, in takšen osnutek kodeksa, spremembo ali razširitev potrdi, če oceni, da zagotavlja zadostne ustrezne zaščitne ukrepe.

5. Associations and other bodies referred to in paragraph 2 of this Article which intend to prepare a code of conduct or to amend or extend an existing code shall submit the draft code, amendment or extension to the supervisory authority which is competent pursuant to Article 55. The supervisory authority shall provide an opinion on whether the draft code, amendment or extension complies with this Regulation and shall approve that draft code, amendment or extension if it finds that it provides sufficient appropriate safeguards.

[…]

(n) spodbuja vzpostavitev mehanizmov potrjevanja za varstvo podatkov ter pečatov in označb za varstvo podatkov v skladu s členom 42(1) in odobri merila potrjevanja v skladu s členom 42(5);

(n) encourage the establishment of data protection certification mechanisms and of data protection seals and marks pursuant to Article 42(1), and approve the criteria of certification pursuant to Article 42(5);

Povezana besedila

Člen 42 SUVP (GDPR). Potrjevanje

Article 42 GDPR. Certification

1. Države članice, nadzorni organi, odbor in Komisija zlasti na ravni Unije spodbujajo vzpostavitev mehanizmov potrjevanja za varstvo podatkov ter pečatov in označb za varstvo podatkov za dokazovanje, da so dejanja obdelave s strani upravljavcev in obdelovalcev v skladu s to uredbo. Upoštevajo se posebne potrebe mikro, malih in srednjih podjetij.

1. The Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at Union level, the establishment of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors. The specific needs of micro, small and medium-sized enterprises shall be taken into account.

[…]

5. Potrdilo v skladu s tem členom izdajo organi za potrjevanje iz člena 43 ali pristojni nadzorni organ, in sicer na podlagi meril, ki jih odobri ta pristojni nadzorni organ na podlagi člena 58(3) ali odbor na podlagi člena 63. Kadar merila odobri odbor, je lahko rezultat meril skupno potrjevanje, evropski pečat za varstvo podatkov.

5. A certification pursuant to this Article shall be issued by the certification bodies referred to in Article 43 or by the competent supervisory authority, on the basis of criteria approved by that competent supervisory authority pursuant to Article 58(3) or by the Board pursuant to Article 63. Where the criteria are approved by the Board, this may result in a common certification, the European Data Protection Seal.

[…]

(o) kadar je ustrezno, izvaja redne preglede potrdil, izdanih v skladu s členom 42(7);

(o) where applicable, carry out a periodic review of certifications issued in accordance with Article 42(7);

Povezana besedila

Člen 42 SUVP (GDPR). Potrjevanje

Article 42 GDPR. Certification

[…]

7. Potrdilo se izda upravljavcu ali obdelovalcu za obdobje največ treh let in se pod enakimi pogoji lahko podaljša, če so zadevne zahteve še naprej izpolnjene. Organi za potrjevanje iz člena 43 ali pristojni nadzorni organ, kakor je ustrezno, potrdilo prekličejo, kadar zahteve v zvezi s potrdilom niso ali niso več izpolnjene.

7. Certification shall be issued to a controller or processor for a maximum period of three years and may be renewed, under the same conditions, provided that the relevant criteria continue to be met. Certification shall be withdrawn, as applicable, by the certification bodies referred to in Article 43 or by the competent supervisory authority where the criteria for the certification are not or are no longer met.

[…]

(p) oblikuje in objavi merila za pooblastitev telesa za spremljanje kodeksov ravnanja v skladu s členom 41 in organa za potrjevanje v skladu s členom 43;

(p) draft and publish the requirements for accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43;

Povezana besedila

Člen 41 SUVP (GDPR). Spremljanje odobrenih kodeksov ravnanja

Article 41 GDPR. Monitoring of approved codes of conduct

Člen 43 SUVP (GDPR). Organi za potrjevanje

Article 43 GDPR. Certification bodies

(q) opravi pooblastitev telesa za spremljanje kodeksov ravnanja v skladu s členom 41 in organa za potrjevanje v skladu s členom 43;

(q) conduct the accreditation of a body for monitoring codes of conduct pursuant to Article 41 and of a certification body pursuant to Article 43;

Povezana besedila

Člen 41 SUVP (GDPR). Spremljanje odobrenih kodeksov ravnanja

Article 41 GDPR. Monitoring of approved codes of conduct

Člen 43 SUVP (GDPR). Organi za potrjevanje

Article 43 GDPR. Certification bodies

(r) odobri pogodbena določila in določbe iz člena 46(3);

(r) authorise contractual clauses and provisions referred to in Article 46(3);

Povezana besedila

Člen 46 SUVP (GDPR). Prenosi, za katere se uporabljajo ustrezni zaščitni ukrepi

Article 46 GDPR. Transfers subject to appropriate safeguards

[…]

3. Ustrezni zaščitni ukrepi iz odstavka 1 se lahko z dovoljenjem ustreznega nadzornega organa zagotovijo tudi zlasti s:

3. Subject to the authorisation from the competent supervisory authority, the appropriate safeguards referred to in paragraph 1 may also be provided for, in particular, by:

(a) pogodbenimi določili med upravljavcem ali obdelovalcem in upravljavcem, obdelovalcem ali uporabnikom osebnih podatkov v tretji državi ali mednarodni organizaciji, ali

(a) contractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organisation; or

(b) določbami, ki se vstavijo v upravne dogovore med javnimi organi ali telesi in v katere so vključene izvršljive in učinkovite pravice za posameznike, na katere se nanašajo podatki.

(b) provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.

[…]

(s) odobri zavezujoča poslovna pravila v skladu s členom 47;

(s) approve binding corporate rules pursuant to Article 47;

Povezana besedila

Člen 47 SUVP (GDPR). Zavezujoča poslovna pravila

Article 47 GDPR. Binding corporate rules

(t) prispeva k dejavnostim odbora;

(t) contribute to the activities of the Board;

(u) hrani notranjo evidenco kršitev te uredbe in sprejetih ukrepov v skladu s členom 58(2), ter

(u) keep internal records of infringements of this Regulation and of measures taken in accordance with Article 58(2); and

Povezana besedila

Člen 58 SUVP (GDPR). Pooblastila

Article 58 GDPR. Powers

[…]

2. Vsak nadzorni organ ima vsa naslednja popravljalna pooblastila:

2. Each supervisory authority shall have all of the following corrective powers:

(a) da izda upravljavcu ali obdelovalcu opozorilo, da bi predvidena dejanja obdelave verjetno kršila določbe te uredbe;

(a) to issue warnings to a controller or processor that intended processing operations are likely to infringe provisions of this Regulation;

(b) da upravljavcu ali obdelovalcu izreče opomin, kadar so bile z dejanji obdelave kršene določbe te uredbe;

(b) to issue reprimands to a controller or a processor where processing operations have infringed provisions of this Regulation;

(c) da upravljavcu ali obdelovalcu odredi, naj ugodi zahtevam posameznika, na katerega se nanašajo osebni podatki, glede uresničevanja njegovih pravic na podlagi te uredbe;

(c) to order the controller or the processor to comply with the data subject’s requests to exercise his or her rights pursuant to this Regulation;

(d) da upravljavcu ali obdelovalcu odredi, naj dejanja obdelave, če je to ustrezno, na določen način in v določenem roku uskladi z določbami te uredbe;

(d) to order the controller or processor to bring processing operations into compliance with the provisions of this Regulation, where appropriate, in a specified manner and within a specified period;

(e) da upravljavcu odredi, naj posameznika, na katerega se nanašajo osebni podatki, obvesti o kršitvi varstva osebnih podatkov;

(e) to order the controller to communicate a personal data breach to the data subject;

(f) da uvede začasno ali dokončno omejitev obdelave, vključno s prepovedjo obdelave;

(f) to impose a temporary or definitive limitation including a ban on processing;

(g) da v skladu s členi 16, 17 in 18 odredi popravek ali izbris osebnih podatkov oziroma omejitev obdelave in o takšnih ukrepih v skladu s členom 17(2) in členom 19 uradno obvesti uporabnike, ki so jim bili osebni podatki razkriti;

(g) to order the rectification or erasure of personal data or restriction of processing pursuant to Articles 16, 17 and 18 and the notification of such actions to recipients to whom the personal data have been disclosed pursuant to Article 17(2) and Article 19;

(h) da prekliče potrdilo ali organu za potrjevanje odredi preklic potrdila, izdanega v skladu s členoma 42 in 43, ali da organu za potrjevanje odredi, naj ne izda potrdila, kadar zahteve v zvezi s potrdilom niso ali niso več izpolnjene;

(h) to withdraw a certification or to order the certification body to withdraw a certification issued pursuant to Articles 42 and 43, or to order the certification body not to issue certification if the requirements for the certification are not or are no longer met;

(i) da glede na okoliščine posameznega primera poleg ali namesto ukrepov iz tega odstavka naloži upravno globo v skladu s členom 83;

(i) to impose an administrative fine pursuant to Article 83, in addition to, or instead of measures referred to in this paragraph, depending on the circumstances of each individual case;

(j) da odredi prekinitev prenosov podatkov uporabniku v tretji državi ali mednarodni organizaciji.

(j) to order the suspension of data flows to a recipient in a third country or to an international organisation.

[…]

(v) opravlja vse druge naloge, povezane z varstvom osebnih podatkov.

(v) fulfil any other tasks related to the protection of personal data.

2. Vsak nadzorni organ olajša postopek vložitve pritožb iz točke (f) odstavka 1 z ukrepi, kot je obrazec za vložitev pritožbe, ki ga je mogoče izpolniti elektronsko, pri čemer niso izključena druga komunikacijska sredstva.

2. Each supervisory authority shall facilitate the submission of complaints referred to in point (f) of paragraph 1 by measures such as a complaint submission form which can also be completed electronically, without excluding other means of communication.

3. Opravljanje nalog vsakega nadzornega organa je za posameznika, na katerega se nanašajo osebni podatki, in za pooblaščeno osebo za varstvo podatkov, kadar ta obstaja, brezplačno.

3. The performance of the tasks of each supervisory authority shall be free of charge for the data subject and, where applicable, for the data protection officer.

4. Kadar so zahteve očitno neutemeljene ali pretirane, zlasti ker se ponavljajo, lahko nadzorni organ zaračuna razumno pristojbino glede na upravne stroške ali zavrne ukrepanje v zvezi z zahtevo. Nadzorni organ nosi dokazno breme, da je zahteva očitno neutemeljena ali pretirana.

4. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the supervisory authority may charge a reasonable fee based on administrative costs, or refuse to act on the request. The supervisory authority shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

Splošna uredba o varstvu podatkov (SUVP, GDPR)

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

Uvodne izjave Pustite komentar

Uvodne izjave

(123) Nadzorni organi bi morali spremljati uporabo določb v skladu s to uredbo in prispevati k njeni dosledni uporabi v vsej Uniji, da bi varovali posameznike pri obdelavi njihovih osebnih podatkov in olajšali prost pretok osebnih podatkov na notranjem trgu. V ta namen bi morali nadzorni organi sodelovati med seboj in s Komisijo, ne da bi morale države članice med seboj zato skleniti sporazum o zagotavljanju medsebojne pomoči ali o takem sodelovanju.

(123) The supervisory authorities should monitor the application of the provisions pursuant to this Regulation and contribute to its consistent application throughout the Union, in order to protect natural persons in relation to the processing of their personal data and to facilitate the free flow of personal data within the internal market. For that purpose, the supervisory authorities should cooperate with each other and with the Commission, without the need for any agreement between Member States on the provision of mutual assistance or on such cooperation.

(132) Dejavnosti nadzornih organov, ki so namenjene ozaveščanju javnosti, bi morale obsegati posebne ukrepe, usmerjene na upravljavce in obdelovalce, vključno z mikro, malimi in srednjimi podjetji, pa tudi posameznike, zlasti na področju izobraževanja.

(132) Awareness-raising activities by supervisory authorities addressed to the public should include specific measures directed at controllers and processors, including micro, small and medium-sized enterprises, as well as natural persons in particular in the educational context.

Pustite komentar

[js-disqus]