Article 77 of the GDPR: Right to lodge a complaint with a supervisory authority

Article 77 of the GDPR enshrines the right for any data subject d’submit a complaint with a supervisory authority, particularly when it considers that the processing of its personal data infringes the GDPR.

Article 77 of the GDPR explained

According to this article:

Any person can contact a data protection authority if they consider that their rights have not been respected;
The complaint may be lodged in the Member State where his habitual residence, place of work or place of the alleged infringement is located;
The supervisory authority seized is required to inform it of the progress and outcome of its complaint, including the possibility of legal recourse.

This right is one essential lever to assert your rights under the GDPR.

Why is this article important for your GDPR compliance?

It highlights the importance of seriously handling complaints and requests from data subjects. Businesses need to put one in place clear and responsive complaints management system, in order to prevent sanctions or corrective measures.

How to comply with Article 77 of the GDPR?

Establish a formal GDPR complaints handling procedure;
Identify a point of contact (often the DPO) to receive complaints;
Inform users of their rights and how to contact the CNIL or the competent authority;
Respond to queries within a reasonable time frame, and document your responses.

Examples of application of Article 77 of the GDPR

An employee contacts the CNIL after an unprocessed request to delete his data;
A customer unhappy with the refusal to rectify her information contacts the authority of her country;
The company updates its site with a simplified complaint form.