To advise the controller on the mitigation of privacy risks to protect the controller from liability
claims for non-compliance. Incorrect. The supervisory authority has the task to monitor compliance
and to advise on enhancements, but its purpose is not to protect the controller.
To fulfill the obligation in the GDPR to implement appropriate technical and organizational measures
for data protection. Incorrect. The audit is not the implementation of the measures, but an
assessment of the effectiveness of them.
To monitor and enforce the application of the GDPR by assessing that processing is performed in
compliance with the GDPR. Correct. According to the GDPR this is an important task of a supervisory
authority. (Literature: A, Chapter 7; GDPR Article 57 (1)(a))
