Overview

GDPR Article 82 ensures that data subjects can claim compensation from controllers or processors for material or non-material damage resulting from GDPR violations. Controllers and processors are liable unless they can prove they are not responsible. When multiple parties are jointly liable, compensation is shared, with recourse for proportional recovery under Article 79(2).

Key Principles

  • Right to Compensation: Individuals can seek remedies for GDPR infringements.

  • Liability: Controllers and processors are presumed responsible unless proven otherwise.

  • Joint Liability: Multiple liable parties share compensation obligations.

  • Recourse Mechanism: Parties can recover proportionally from each other as per Article 79(2).

  • Protection of Data Subjects: Ensures enforcement of rights and accountability for violations.

Organizational Applicability

This article applies to:

  • Controllers and processors processing personal data of EU/EEA data subjects.

  • Data subjects seeking compensation for GDPR violations.

  • Supervisory authorities overseeing enforcement and compliance.

  • Legal and compliance teams managing risk, liability, and dispute resolution.

Implementation Requirements

  • Establish procedures for data subjects to claim compensation.

  • Assess controller and processor liability for damages.

  • Determine joint liability and apply proportional recovery mechanisms.

  • Maintain records of claims, compensations, and related correspondence.

Implementation Guidance

  • Develop internal processes for evaluating claims and assessing responsibility.

  • Train staff on GDPR liability rules, joint liability, and recourse mechanisms.

  • Coordinate with legal counsel to manage disputes and compensation settlements.

  • Periodically review procedures to ensure compliance with GDPR Article 82.

Periodic Review

  • Frequency: Annually or upon changes in claims, processing activities, or regulations.

  • Responsible Role: Compliance Team, Data Protection Officer (DPO), or Legal.

  • Outcome: Ensure data subjects can access compensation and controllers/processors manage liability appropriately.

Non-Compliance Risks

  • Fines: Up to €20 million or 4% of global annual turnover for GDPR violations.

  • Legal Exposure: Litigation and compensation claims from affected data subjects.

  • Reputational Damage: Loss of trust due to failure to compensate or address violations.

  • Operational Risk: Poor handling of compensation claims may result in increased disputes and regulatory scrutiny.