Corrective powers of the Guarantor Authority

They are defined by the law 21 December 2018 n. 171 to art. 59, paragraph 2.

The Guarantor Authority for the protection of personal data has the following corrective powers:

a) send warnings to the data controller or to the data controller that the treatments provided are likely to violate the provisions of this law;

b) to issue warnings to the data controller or to the data processor if the treatments have violated the provisions of this law;

c) to order the data controller or data controller to satisfy the data subject’s requests to exercise the rights deriving from this law;

d) to order the data controller or data controller to conform the processing to the provisions of this law, if applicable, in a specific manner and within a certain term;

e) order the data controller to communicate a personal data breach to the data subject;

f) impose a temporary or definitive limitation to the treatment, including the prohibition of treatment;

g) order the rectification, cancellation of personal data or the limitation of the processing in accordance with articles 16, 17 and 18 and the notification of these measures to the recipients to whom the personal data have been communicated pursuant to article 17, paragraph 2, and article 19;

h) order the certification body to revoke the certification issued pursuant to articles 43 and 44, as well as order the certification body not to issue the certification, if the certification requirements are not or are no longer met;

i) impose a pecuniary administrative sanction in accordance with Title VIII of this Part, in addition to the measures referred to in this paragraph, or instead of such measures, according to the circumstances of each individual case; is

l) order the suspension of data flows to a recipient in a foreign country or an international organization.