The Data Protection Commissioner has a broad range of powers to enforce the data protection rights of individuals and to monitor compliance with data protection obligations of data controllers and data processors.

• The Commissioner has investigative powers to establish whether an infringement took place, to carry out data protection audits and to order the provision of, or access to, information.
• The Commissioner also has corrective powers to bring controllers and processors into compliance, such as issuing warnings and reprimands, and imposing administrative fines.
• The Commissioner has advisory powers in respect of data controllers, such as advising controllers in accordance with the prior consultation procedure following a data protection impact assessment when processing would result in a high risk in the absence of mitigating measures.

The Commissioner also has advisory powers in respect of data subjects, such as issuing opinions to the general public on any issue related to the protection of personal data.