They are defined by the Law of 21 December 2018 n. 171 to art. 59, paragraph 1.
The San Marino Data Protection Authority has the following investigative powers:
a) order the data controller and the data processor to provide you with any information you need for the execution of your duties;
b) conduct investigations in the form of data protection audits;
c) notify the data controller or the processor of the alleged violations of this law;
d) obtain, from the data controller or from the data controller, access to all personal data and all information necessary for the execution of its tasks; is
e) obtain access to all the premises of the data controller and the data controller, including databases, archives and all tools and means of data processing.
They are defined by the law 21 December 2018 n. 171 to art. 59, paragraph 2.
The San Marino Data Protection Authority for the protection of personal data has the following corrective powers:
a) send warnings to the data controller or to the data controller that the treatments provided are likely to violate the provisions of this law;
b) to issue warnings to the data controller or to the data processor if the treatments have violated the provisions of this law;
c) to order the data controller or data controller to satisfy the data subject’s requests to exercise the rights deriving from this law;
d) to order the data controller or data controller to conform the processing to the provisions of this law, if applicable, in a specific manner and within a certain term;
e) order the data controller to communicate a personal data breach to the data subject;
f) impose a temporary or definitive limitation to the treatment, including the prohibition of treatment;
g) order the rectification, cancellation of personal data or the limitation of the processing in accordance with articles 16, 17 and 18 and the notification of these measures to the recipients to whom the personal data have been communicated pursuant to article 17, paragraph 2, and article 19;
h) order the certification body to revoke the certification issued pursuant to articles 43 and 44, as well as order the certification body not to issue the certification, if the certification requirements are not or are no longer met;
i) impose a pecuniary administrative sanction in accordance with Title VIII of this Part, in addition to the measures referred to in this paragraph, or instead of such measures, according to the circumstances of each individual case; is
l) order the suspension of data flows to a recipient in a foreign country or an international organization.
They are defined by the law 21 December 2018 n. 171 to art. 59, paragraph 3.
The San Marino Data Protection Authority for the protection of personal data has the following authorization and consultative powers:
a) provide advice to the data controller, according to the prior consultation procedure referred to in article 37;
b) to issue, on its own initiative or upon request, opinions addressed to the Great and General Council, the Congress of State, or to other bodies and institutions and to the public on matters concerning the protection of personal data;
c) issue an opinion on the draft codes of conduct and approve them, pursuant to article 41, paragraph 3;
d) accrediting the certification bodies referred to in Article 43;
e) approve the certification criteria in accordance with Articles 43 and 44;
f) adopt the standard data protection clauses referred to in Article 29, paragraph 7, and in Article 47, paragraph 2, letter d);
g) authorize the contractual clauses referred to in Article 47, paragraph 3, letter a);
h) authorize the administrative agreements referred to in Article 47, paragraph 3, letter b);
i) approve the binding corporate rules pursuant to Article 48;
l) authorize the establishment of new databases of the State and Public Bodies, subject to the favorable opinion of the competent body.