Order controllers and processors to provide information - Conduct data protection audits - Carry out investigations, including on-site inspections - Obtain access to premises, including data processing equipment