VGS corporate lawyers
London

+44 2039665531

Milan

+39 0250043613

  • Home
  • Who we are
  • Practice Areas
    • Company law
      • Setting up a company in Italy
      • Corporate governance
      • Bankruptcy
    • Debt Recovery & Credit Collection
    • Arbitration and Mediation
    • Contracts
      • Acquisition Finance
    • White collar crimes
    • Data protection and GDPR
  • People
    • Avv. Valentina Giarrusso
    • Avv. Flavia Di Pilla
    • Avv. Silvia Pellegrini
    • Avv. Giuseppe Ganci
    • Avv. Valentina Improta
    • Dr. Fabrizio Di Patti
    • Avv. Salvatore Fasciana
    • Dr. Yasine Ajlane
  • News & Blog

GDPR infringement and compensation for damages

  • by VGS' Editorial Board
  • 8 May 2019
  • Comments (0)

The General Data Protection Regulation provides companies with an explanation of how personal data should be processed, setting out principles and obligations to be respected. To ensure compliance with these provisions, the GDPR provides for penalties. And, it also provides for the right of the data subject to compensation for damages, in case of violation of data protection rules.

Anyone who suffers from an unlawful processing of their personal data may, in fact, claim damages.            
Specifically, the GDPR states that the data controller or processor should compensate for any damage which a person may suffer as a result of processing that infringes the provisions. Nevertheless, the controller or processor should be exempt from liability if he proves that he is in no way responsible for the infringement.

In addition, the GDPR also provides for a sort of shared responsibility between the data controller and the data processor. In fact, where controllers or processors are involved in the same processing, each controller or processor should be held liable for the entire damage. Therefore, the data subject may request payment of the entire damage to only one of the parties, either the controller or the processor.

The data subject can claim material or non-material damages only when certain conditions are met:

  1. The conduct (active or omissive) constitutes an infringement of the GDPR;
  2. The conduct caused damage to the person concerned;
  3. There is a causal link between the conduct and the damage.

Proof of these conditions should be provided by the data subject. On the other side, however, the data controller should prove that the infringement event is not caused by him and that he did not actually cause any damage. 

VGS Lawyers can assist you in rendering your company compliant with GDPR provisions, in order to avoid to be subject into such kind of claims.

  • GDPR
  • Share:
Previous Article: Trademark registration in Italy
Next Article The factoring agreement under Italian Law

Practice Areas

  • Company law
  • Debt Recovery & Credit Collection
  • Arbitration and Mediation
  • Contracts
  • White collar crimes
  • Data protection and GDPR

Free Consultation

    Tags

    Airbnb Arbitration Artificial Intelligence Auditing Brexit Company Law Company Shares Consent Contracts Cookies Copyright Coronavirus Data DataProcessing Data Protection DPO European Union Eviction Free Title GDPR HealtData HouseHold Agreements Islamic Law Italian Bankruptcy Law Italian Company Law Italian Corporate Law Italian Criminal Law Italian Debt Recovery Italian Entry Visa Italian Intellectual Property Law Italian Legal Advice Italian Privacy Italian Tax Legal guide MedialTreatment Mediation Partnership Patient Personal Data Privacy Processing Research Startup Warranty White Collar Crimes

    Social Links

    • Facebook
    • Instagram
    • LinkedIn

    See also:

    VGS Lawyers

    VGS - Family Lawyers

    © Copyright 2021 | VGS Corporate Lawyers | All right reserved.

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy