Recital 23

The supervisory authorities established pursuant to Regulation (EU) 2016/679 are competent for monitoring and enforcing the application of that Regulation, in particular for the monitoring of the processing of personal electronic health data and for handling any complaints lodged by the natural persons concerned. This Regulation establishes additional rights for natural persons regarding primary use, which go beyond and complement access and portability rights enshrined in Regulation (EU) 2016/679. Since those additional rights should also be enforced by the supervisory authorities established pursuant to Regulation (EU) 2016/679, Member States should ensure that those supervisory authorities are provided with the financial and human resources, premises and infrastructure necessary for the effective performance of those additional tasks. The supervisory authority or authorities responsible for the monitoring and enforcement of the processing of personal electronic health data for primary use in compliance with this Regulation should be competent to impose administrative fines. The legal system of Denmark does not allow for administrative fines as set out in this Regulation. The rules on administrative fines may be applied in such a manner that in Denmark the fines are imposed by the competent national courts as a criminal penalty, provided that such an application of the rules has an equivalent effect to administrative fines imposed by supervisory authorities. In any event, the fines imposed should be effective, proportionate and dissuasive.