Skip to main content

Article 24 — Supervisory Authority

  1. The Sovereign of the Principality of Kaharagia shall be the supervisory authority for the purposes of this Code and shall be responsible for monitoring and enforcing the application of its provisions. In the exercise of this function, the Sovereign shall act as the guarantor of the fundamental right to the protection of personal data as recognised by the Fundamental Laws.
  2. The Sovereign may, by decree, delegate the whole or any part of the supervisory functions conferred by this Code to a Data Protection Officer or to another suitably qualified person or body. Any such delegation shall specify the scope, duration, and conditions of the delegated functions and may be revoked or amended at any time by further decree. The delegate shall exercise the delegated functions subject to such directions of a general character as the Sovereign may issue, provided that such directions do not compromise the independence required by paragraph 3.
  3. The supervisory authority, whether the Sovereign acting personally or a delegate appointed under paragraph 2, shall act with complete independence in the exercise of the supervisory functions conferred by this Code. In particular, the supervisory authority shall be free from external influence, whether direct or indirect, in reaching decisions on individual cases and shall neither seek nor take instructions from any person or entity with respect to such decisions.
  4. The supervisory authority shall publish an annual report on its activities, which shall include at a minimum:
    1. the number and nature of complaints received under Article 27;
    2. a summary of investigations conducted and their outcomes;
    3. a summary of corrective measures and sanctions imposed under Article 28;
    4. any guidance, opinions, or standard clauses issued during the reporting period;
    5. an assessment of emerging trends and challenges in data protection relevant to the Principality.
  5. The annual report referred to in paragraph 4 shall be made publicly available within ninety days of the end of the reporting period to which it relates and shall be published in the Official Gazette and on any official digital platform of the Principality.
  6. The supervisory authority shall maintain appropriate records of its activities and decisions and shall ensure that its processes are transparent and accessible to data subjects and controllers alike, consistent with the principle of proportionality and the administrative capacity of the Principality.