Art. 13 (1) DGA:
"The competent authority for data intermediation services shall monitor and supervise compliance with this Chapter. The competent authority may also monitor and supervise the compliance of such data intermediation services based on the request of natural or legal persons."
(2) The competent authority for data intermediation services shall have the power to request from providers of data intermediation services or their legal representatives all the information that is necessary to verify compliance with the requirements of this Chapter. Any request for information shall be proportionate to the performance of the task and shall be reasoned.
(3) Where the competent authority for data intermediation services finds that a provider of data intermediation services does not comply with one or more of the requirements of this Chapter, it shall notify that provider of those findings and give it the opportunity to state its views, within 30 days.
(4) The competent authority shall have the power to require the cessation of the infringement referred to in paragraph 3 within a reasonable time limit or immediately in the case of a serious infringement and shall take appropriate and proportionate measures aiming to ensure compliance. In that regard, the competent authorities shall have the power, where appropriate:
(a) to impose, through administrative procedures, dissuasive financial penalties which may include periodic penalties and penalties with retroactive effect, or to initiate legal proceedings for the imposition of fines, or both;
(b) to require a postponement in the commencement or suspension of the provision of the data intermediation service until modifications of its conditions, as requested by the competent authority, are made; or to require the cessation of the provision of the data intermediation service, in case serious or repeated infringements have not been corrected despite the prior notification or warning in accordance with paragraph (3). The competent authority for data intermediation services shall request the Commission to remove the provider of the data intermediation service from the register of providers of data intermediation services once it has ordered the cessation of the service. If a provider of data intermediation service corrects the breaches, a provider shall re-notify the competent authority. The competent authority shall notify the Commission of each new renotification.
(4a) Where a provider of data intermediation services that is not established in the Union fails to designate a legal representative or the legal representative fails, upon request of the competent authority, to provide the necessary information that comprehensively demonstrates compliance with this Regulation, the competent authority shall have the power to postpone or suspend the provision of the data intermediation service until the legal representative is designated or the necessary information is provided.
(5) The competent authorities shall communicate the measures imposed pursuant to paragraph 4, the reasons on which they are based as well as the necessary steps to be taken to rectify the relevant shortcomings to the provider of data intermediation services concerned without delay and shall stipulate a reasonable period, no longer than 30 days, for the provider to comply with the measures.
(6) If a provider of data intermediation services has its main establishment or legal representative in a Member State, but provides services in other Member States, the competent authority of the Member State of the main establishment or where the legal representative is located and the competent authorities of those other Member States shall cooperate and assist each other. Such assistance and cooperation may cover information exchanges between the competent authorities concerned for the purposes of their tasks under this Regulation and requests to take the measures referred to in this Article. Where a competent authority for data intermediation services in one Member State requests assistance from another Member State, it shall submit a duly justified request. The competent authority for data intermediation services so requested shall, without undue delay and within a timeframe proportionate to the urgency of the request, provide a response. Any information exchanged in the context of assistance requested and provided under this paragraph shall be used only in respect of the matter for which it was requested."