GDPR Complaint-Process Map

The General Data Protection Regulation is set to replace the Data Protection Directive effective May 25, 2018. The GDPR is directly applicable in each Member State and will lead to a greater degree of data protection harmonization across EU nations. The GDPR empowers data subjects to seek judicial relief for damages and file administrative complaints with supervisory authorities. The GDPR’s consistency mechanisms – encouraging supervisory authorities to cooperate and agree on infringement decisions, empowering the European Data Protection Board for dispute resolution, making final decisions binding – will ease burdens on controllers and processors doing business across Member States by offering more efficient enforcement solutions. This map consolidates the GDPR’s enforcement provisions into a visual tool, illustrating how supervisory authorities may pursue complaints administratively. The final installment of the IAPP’s Top 10 operational impacts of the GDPR series discusses the consequences for GDPR violations in more depth.


[Process map. Step labels: Complaint initiated by: data subjects; supervisory authorities. Court (judicial remedies): against supervisory authorities; against controllers or processors. Supervisory authority (administrative remedies): lead or non-lead supervisory authority? Non-lead notifies lead. Lead issues decision. Lead delegates the case and non-lead issues decision. Lead takes the case and issues decision. Decision is jointly agreed upon. Decision is not jointly agreed upon; EDPB resolves any dispute. The parties are notified.]