In the EU, the two key pieces of legislation that govern data privacy at an EU level are EU Regulation 2016/679 and EU Directive 2002/58/EC. The bodies responsible for the enforcement of data privacy legislation vary across European member states. The powers of supervisory authorities include Investigatory powers, Authorization and advisory powers, and Corrective powers. Fines that EU regulatory authorities may impose are set out in Article 83 of the GDPR. Organizations should carry out risk assessments to determine their risk level. They may also perform data protection impact assessments to help demonstrate compliance.