|1||79.||Article 79||GDPR 79|
|2||79.||Right to an effective judicial remedy against a controller or processor||GDPR 79|
|3||79.1||1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.||GDPR 79|
|4||79.2||2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.||GDPR 79|
|Item||Reference||Articles which affect Article 79||Link|
|5||4.(1)||(1) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;||GDPR 4|
|6||4.(2)||(2) 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;||GDPR 4|
|7||4.(7)||(7) 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;||GDPR 4|
|8||4.(8)||(8) 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;||GDPR 4|
|9||4.(21)||(21) 'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 51;||GDPR 4|
|Item||Reference||Sections of the Data Protection Act 2018 which affect Article 79||Link|
|10||s. 167||Compliance orders||DPA s.167|
|11||s. 167||(1) This section applies if, on an application by a data subject, a court is satisfied that there has been an infringement of the data subject’s rights under the data protection legislation in contravention of that legislation.
(2) A court may make an order for the purposes of securing compliance with the data protection legislation which requires the controller in respect of the processing, or a processor acting on behalf of that controller-
(a) to take steps specified in the order, or
(b) to refrain from taking steps specified in the order.
(3) The order may, in relation to each step, specify the time at which, or the period within which, it must be taken.
(4) In subsection (1)-
(a) the reference to an application by a data subject includes an application made in exercise of the right under Article 79(1) of the GDPR (right to an effective remedy against a controller or processor);
(b) the reference to the data protection legislation does not include Part 4 of this Act or regulations made under that Part.
(5) In relation to a joint controller in respect of the processing of personal data to which Part 3 applies whose responsibilities are determined in an arrangement under section 58, a court may only make an order under this section if the controller is responsible for compliance with the provision of the data protection legislation that is contravened.
|Item||Reference||GDPR Recitals which affect Article 79|
|12||Recital 141||(141) Every data subject should have the right to lodge a complaint with a single supervisory authority, in particular in the Member State of his or her habitual residence, and the right to an effective judicial remedy in accordance with Article 47 of the Charter if the data subject considers that his or her rights under this Regulation are infringed or where the supervisory authority does not act on a complaint, partially or wholly rejects or dismisses a complaint or does not act where such action is necessary to protect the rights of the data subject. The investigation following a complaint should be carried out, subject to judicial review, to the extent that is appropriate in the specific case. The supervisory authority should inform the data subject of the progress and the outcome of the complaint within a reasonable period. If the case requires further investigation or coordination with another supervisory authority, intermediate information should be given to the data subject. In order to facilitate the submission of complaints, each supervisory authority should take measures such as providing a complaint submission form which can also be completed electronically, without excluding other means of communication.|
|13||Recital 145||(145) For proceedings against a controller or processor, the plaintiff should have the choice to bring the action before the courts of the Member States where the controller or processor has an establishment or where the data subject resides, unless the controller is a public authority of a Member State acting in the exercise of its public powers.|
|Item||Reference||Related Guidance which affects Article 79|