Upon initiation of proceedings under GDPR for the breach of any provisions of GDPR, and if controller or processor is found to have committed a breach as alleged, the data subject can seek compensation for the same. In this regard, article 82 provides for the detailed provisions and they are-
- Any person who suffered material or non-material damage as a result of an infringement of GDPR must have a right to receive compensation from the controller or processor for the damage suffered.
- Any controller involved in processing must be liable for the damage caused by processing which infringes GDPR. A processor must be liable for the damage caused by processing only where it has not complied with obligations of GDPR as specifically directed to the processor or where it has acted outside or contrary to lawful instructions of the controller.
- A controller or processor must be exempted from liability under art.82 (2) if it is proved that it is not in any way responsible for the event of giving rise to the damage.
- Where there are more than controller or processor, or both a controller or processor, are involved in the same processing and where they are under article 82(2) and (3), responsible for any damage caused by processing, each controller or processor must be held liable for the entire damage in order to ensure effective compensation of the data subject.
- Where a controller or processor has, in accordance with paragraph 4 of article 82, paid full compensation for the damage suffered, that controller or processor must be entitled to claim back from the other controller or processor involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage, in accordance with the conditions set out in para 2 of article 82.
- Court proceedings for exercising the right to receive compensation must be brought before the courts competent under the law of the Member States referred under article 79 (2) of GDPR.
Picture Credit- https://www.mparticle.com/