Article 79 of the GDPR: Right to legal recourse against a data controller

Article 79 of the GDPR grants any data subject the right to bring legal action against a manager or subcontractor if it considers that its rights have been violated due to the processing of personal data.

Article 79 of the GDPR explained

This right:

Allows a person to file a complaint directly before a competent court, without going through a supervisory authority;
May be exercised in the Member State where the data subject resides or where the establishment of the controller or subcontractor is located;
Covers any actual or alleged violation of the rights guaranteed by the GDPR, such as the right of access, rectification or erasure.

This is a direct means of obtaining compensation or cessation of unlawful processing.

Why is this article important for your GDPR compliance?

It emphasizes the importance of documenting and justifying all treatments. Companies must be prepared to demonstrate the lawfulness of their processing before a judge, including at the request of a single individual.

How to comply with Article 79 of the GDPR?

Establish precise documentation on your processing (register, legal bases, purposes);
Respect the rights of the persons concerned (right of access, rectification, erasure, opposition...);
Ensure traceability of requests and responses provided;
Implement legal risk management with the support of your DPO or in-house lawyer.

Examples of application of Article 79 of the GDPR

A user takes legal action against a website for non-compliance with their right to erasure;
A consumer goes to court for unlawful processing of her data for commercial purposes;
A person is refused access to their personal data and files a complaint with a national court.