Art. 27
Duties of the supervisory authority in matters relating to the protection of personal data and privacy
The supervisory authority has the following duties:
to oversee the implementation of this law;
to respond to every legitimate request for an opinion regarding personal data processing;
to inform the data subject, the data controller, the data processor and a third party of their rights and obligations;
to put in place a register of data controllers and data processors;
to investigate the subject matter of the complaint lodged by the data subject, the data controller, the data processor or a third party relating to the processing of personal data and inform them of the outcome of the investigation within a reasonable period;
to receive and consider the data subject’s appeal;
to advise on matters relating to the protection of personal data and privacy;
cooperate with authorities, organisations or entities operating within the country or abroad in the protection of personal data and privacy.
Art. 28
Powers of the supervisory authority in matters relating to the protection of personal data and privacy
The supervisory authority has powers to:
to issue registration certificate as provided for by this Law;
ensure that the processing of personal data is consistent with the provisions of this Law;
ensure that information and communication technologies do not constitute a threat to public freedoms and the privacy of a person;
to put in place a regulation relating to the application of this Law;
to impose administrative sanctions in accordance with the provisions of this Law