The General Data Protection Regulation aims to protect personal data and privacy of natural persons in the EEA. Following the principles of the TFEU and the European Single Market, harmonization of laws creates an equal playing field for all EU residents. The GDPR Regulation became paramount with the advanced economic and social integration, that was furthered by rapid technological developments and globalization. Data flows and personal information have a virtual character and customer protection is not just the sole domain anymore of a local regulator. To ensure data and privacy protection for its citizens, a solid framework must protect the privacy of these very citizens whilst providing a full framework of remedies when things go wrong. The purpose of GDPR remedies is to mitigate risk and limit repetition.
Remedies consider the data subject as well as the controller and processor of the data. As such, the GDPR Regulation covers a straightforward regulatory environment for international enterprises in the EEA and the control natural persons have over their personal data. In line with the Treaty on the Functioning of the European Union, EU laws ensure harmonization and equal treatment in all member states. The GDPR Regulation is nothing different and complements the fundamentals of the European single market.
Transparency is crucial when it comes to personal privacy and data protection. Chapter III of the GDPR Regulation discusses the rights of the data subject. These rights include rectification and erasure, restrictions of processing, and other more general restrictions. Data subjects who feel wronged can file a complaint against the processor or controller with its local and independent supervisory authority. The supervisory authority decides on the actions to bring forward to the wrongdoer. These actions are independent from potential civil claims a data subject can launch. Validation of a civil claim comes from a data breach or other violations of privacy.