Understanding CJEU's ruling on non-material damages under GDPR

The Court of Justice of the European Union (CJEU) has recently provided significant insights into how individuals can claim 'non-material damage' against businesses for GDPR violations. This article will guide you through the key aspects of this ruling and what it means for your business.

What's the latest development?

On 4 May 2023, the CJEU delivered a crucial decision on 'non-material damage', where an Austrian citizen claimed €1,000 in damages from the Austrian Post for a GDPR violation. This ruling has brought much-needed clarity for businesses on GDPR compliance.

Contrary to common belief, a GDPR breach doesn't automatically entitle individuals to claim compensation. However, they are entitled to compensation if they can demonstrate the material or non-material damage suffered due to a GDPR violation. The CJEU clarified that a mere infringement of the GDPR isn't enough to establish a right to compensation under Article 82. Instead, three conditions must be met:

  1. Infringement of the GDPR;
  2. Damage resulted from that infringement;
  3. A causal link between the infringement and the damage suffered.

The CJEU also emphasized that each Member State has the authority to set the rules and criteria for determining the extent of compensation.

What does this mean for your business?

The CJEU ruling has rejected the idea of a required minimum threshold for awarding compensation for non-material damage under the GDPR. This means that even if the damage isn't "significant", the ruling empowers individuals to seek damages against businesses for GDPR violations.

Therefore, it's more crucial than ever for businesses to promptly handle data subject requests and ensure they are processed within the legal deadline. Businesses can use the Data Subject Request portal on DataGuard's platform to efficiently collect, process, and close DSRs efficiently.

If you would like more information on the DSR portal, you can watch this video.

The legal background

In a case against the Austrian Post, an Austrian citizen sought €1,000 in compensation for "great upset, loss of confidence, and a feeling of exposure" after being affiliated with a particular political party following a data collection exercise by Osterreichische Post. The individual argued that this was a misuse of his personal data and was thereby entitled to compensation. Read the official decision of the CJEU here.

For more insights and updates on data privacy and GDPR, visit our blog!

Über den Autor

DataGuard Datenschutz-Experten DataGuard Datenschutz-Experten
DataGuard Datenschutz-Experten

Tauchen Sie ein in die Welt der Datensicherheit und DSGVO – mit Tipps und Meinungen unserer zertifizierten Datenschutzbeauftragten in Deutschland, UK und Österreich. Unsere Experten kommen aus den unterschiedlichsten Bereichen wie Wirtschaft, Recht, Technik oder Marketing und teilen mit Ihnen die neuesten Nachrichten sowie Lösungen zu aktuellen Herausforderungen, Urteilen und Rechtsentscheidungen. Ihr Ziel? Ihnen das Wissen und die Werkzeuge an die Hand zu geben, damit Sie die richtigen Entscheidungen treffen, Ihr Unternehmen absichern, Vertrauen aufbauen und Ihren Umsatz steigern können – in Einklang mit geltenden Datenschutzgesetzen. Diese Qualifizierungen unserer Datenschutzberater stehen für Qualität und Vertrauen: Zertifizierter Datenschutzbeauftragter (TÜV), Certified Information Privacy Professional/Europe (IAPP), Certified Information Privacy Manager (IAPP) Information Security, Certified Information Privacy Technologist (IAPP), Certified Practitioner in Data Protection (BCS), Fellow of Information Privacy (IAPP), Certified EU General Data Protection Regulation Practitioner (IBITGQ), Data Protection Officer & Europrivacy Auditor, Practitionier Certificate in Data Protection, PC.dp. (GDPR)

Mehr Artikel ansehen

Contact Sales

See what DataGuard can do for you.

Find out how our Privacy, InfoSec and Compliance solutions can help you boost trust, reduce risks and drive revenue.

  • 100% success in ISO 27001 audits to date 
  • 40% total cost of ownership (TCO) reduction
  • A scalable easy-to-use web-based platform
  • Actionable business advice from in-house experts

Trusted by 4.000+ customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • External data protection officer
  • Audit of your privacy status-quo
  • Ongoing GDPR support from a industry experts
  • Automate repetitive privacy tasks
  • Priority support during breaches and emergencies
  • Get a defensible GDPR position - fast!

Trusted by 4.000+ customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Continuous support on your journey towards the certifications on ISO 27001 and TISAX®️, as well as NIS2 Compliance.
  • Benefit from 1:1 consulting
  • Set up an easy-to-use ISMS with our Info-Sec platform
  • Automatically generate mandatory policies
Certified-Icon

100% success in ISO 27001 audits to date

 

 

TISAX® is a registered trademark of the ENX Association. DataGuard is not affiliated with the ENX Association. We provide consultation and support for the assessment on TISAX® only. The ENX Association does not take any responsibility for any content shown on DataGuard's website.

Trusted by 4.000+ customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Proactive support
  • Create essential documents and policies
  • Staff compliance training
  • Advice from industry experts

Trusted by 4.000+ customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Get to know DataGuard

Simplify compliance

  • Comply with the EU Whistleblowing Directive
  • Centralised digital whistleblowing system
  • Fast implementation
  • Guidance from compliance experts
  • Transparent reporting

Trusted by 4.000+ customers

Canon  Logo Contact Hyatt Logo Contact Holiday Inn  Logo Contact Unicef  Logo Contact Veganz Logo Contact Burger King  Logo Contact First Group Logo Contact TOCA Social Logo Contact Arri Logo Contact K Line  Logo Contact

Let's talk

0-25
26-250
251-500
501-2000
2001-10000
>10000
Privacy (GDPR Compliance/DPO)
Security (ISO 27001, TISAX, NIS2)
Consent & Preference Management
Whistleblowing
Germany
United Kingdom
Austria
Sweden
Norway
Finland
Denmark
Other