7 GDPR Enforcement

Vigilant and effective antitrust enforcement today is preferable to the heavy hand of government regulation of the Internet tomorrow.

— Orrin Hatch

In our previous chapters, we discussed the duties and responsibilities of the Controllers and Processors under GDPR. Securing a legal basis for processing data subject rights and protecting the data are the central concerns of a Controller. Now, let us examine how those rights and responsibilities can be enforced under the scheme of the regulation. There are four ways to enforce GDPR compliance:

  1. Through “in-house” modalities and mechanisms,
  2. By approaching the appropriate SA,
  3. By going to court, and
  4. By having an ADR mechanism in place.

In this chapter, we shall examine all of the above.

7.1 In-House Mechanisms

GDPR encourages Controllers to assist data subjects in exercising their rights in processing personal data.¹ This is a form of self-regulation as a part of GDPR compliance. Some of the measures discussed below are mandatory while others are advisable business practices to avoid liability. Mechanisms must be set up by modalities or easily accessible icons to help the users easily access and control their personal data.

7.1.1 A Quick Review

Earlier, in Chapter 6, we discussed the Controller’s information and transparency obligations requiring them to provide details to users regarding their rights and the duty to create modalities to exercise those rights.² Let us review what GDPR requires before proceeding. ...
