The Commissioner’s functions under Article 58(1) of the GDPR and paragraph 1 of Schedule 13 include power, with the consent of a controller or processor, to carry out an assessment of whether the controller or processor is complying with good practice in the processing of personal data.

The Commissioner must inform the controller or processor of the results of such an assessment.

In this section, “good practice in the processing of personal data” has the same meaning as in section 128.