🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 21 of the GDPR: Right of opposition

Home GDPR articles decrypted Article 21 of the GDPR: Right of opposition

Article 21 of the GDPR gives any data subject the right to object at any time to the processing of personal data, in certain specific situations. This right aims to strengthen individuals' control over their data.

Article 21 of the GDPR explained

The right to object applies in two main cases:

  • When the treatment is based on l’legitimate interest of the data controller or on l’execution of a mission of public interest ;
  • When the treatment is carried out at commercial prospecting purposes (direct marketing).

In the first case, the person responsible can refuse the opposition if he demonstrates the existence of compelling legitimate reasons. In the second case (marketing), the opposition is absolute and cannot be refused.

Why is this article important for your GDPR compliance?

The right of opposition is central to respecting the will of people. It is frequently used in commercial prospecting. Failure to respect it constitutes an offense subject to sanctions by the CNIL.

How to comply with Article 21 of the GDPR?

  • Inform people of their right to object in all your privacy policies and marketing communications.
  • Integrate one simple mechanism to object upon processing (e.g. unsubscribe link).
  • Immediately comply with opposition to marketing processing without justification.
  • Keep the opposition proof and update your databases.

Examples of application of Article 21 of the GDPR

  • A user clicks on "unsubscribe" from a newsletter: their email is immediately removed from campaigns.
  • A citizen objects to the use of his data for statistics: the public body must check whether there is a compelling reason for continued processing.
  • An employee objects to the use of his data for non-essential HR behavioral analysis purposes.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

Request a demo with an expert

Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.

GDPR: Self-assess now

Other articles
on the same subject