GDPR Procedural Regulation
Data & Privacy
- Data Act
- Data Governance Act
- EHDS
- ePrivacy Directive
- GDPR
- GDPR Procedural Regulation
AI & Trust
- Artificial Intelligence Act
- Product Liability Directive
Cybersecurity
- Cyber Resilience Act
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
GDPR Procedural Regulation
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 3
CHAPTER II
LODGING OF COMPLAINTS AND EARLY RESOLUTIONArticles 4 — 5
CHAPTER III
COOPERATION UNDER ARTICLE 60 OF REGULATION (EU) 2016/679Articles 6 — 23
CHAPTER IV
ADMINISTRATIVE FILE, COOPERATION FILE AND TREATMENT OF CONFIDENTIAL INFORMATIONArticles 24 — 26
CHAPTER V
DISPUTE RESOLUTIONArticles 27 — 30
CHAPTER VII
GENERAL AND FINAL PROVISIONSArticles 34 — 37
GDPR-PR
GDPR-PR Article 4. Complaints concerning cross-border processing
- 1.A complaint on the basis of Regulation (EU) 2016/679 concerning cross-border processing shall be admissible provided that it includes the following information:
- (a)the name and contact details of the person lodging the complaint;
- (b)where the complaint is lodged by a not-for-profit body, organisation or association referred to in Article 80 of Regulation (EU) 2016/679, proof that that body, organisation or association has been properly constituted in accordance with the law of a Member State;
- (c)where the complaint is lodged on the basis of Article 80(1) of Regulation (EU) 2016/679, the name and contact details of the not-for-profit body, organisation or association lodging that complaint and proof that that body, organisation or association is acting on the basis of a mandate of a data subject;
- (d)information which facilitates the identification of the controller or processor that is the subject of the complaint;
- (e)a description of the alleged infringement of Regulation (EU) 2016/679.
No information additional to that referred to in the first subparagraph shall be required in order for a complaint concerning cross-border processing to be admissible. Administrative modalities and requirements under the national procedural law of the supervisory authority with which the complaint has been lodged shall continue to apply.
- 2.Where the supervisory authority with which a complaint has been lodged determines that the complaint does not contain the information referred to in paragraph 1, first subparagraph, it shall, within two weeks of receiving that complaint, declare that complaint inadmissible and inform the complainant of the reasons thereof.
- 3.The complainant shall not be required to have contacted the party under investigation before lodging a complaint in order for that complaint to be admissible. Without prejudice to the first subparagraph, where a complaint relates to the exercise of a right of the data subject that relies on the data subject concerned making a request to the controller, that request shall be made to the controller before that complaint is lodged.
- 4.The supervisory authority with which the complaint has been lodged shall determine, by way of a preliminary conclusion, the following:
- (a)whether the complaint concerns cross-border processing;
- (b)which supervisory authority it presumes to be competent to act as lead supervisory authority in accordance with Article 56(1) of Regulation (EU) 2016/679; and
- (c)whether Article 56(2) of Regulation (EU) 2016/679 applies.
- 5.Where a complaint that concerns cross-border processing is admissible and in the absence of an early resolution pursuant to Article 5, the supervisory authority with which the complaint has been lodged shall transmit that complaint to the supervisory authority it presumes is competent to act as lead supervisory authority no later than six weeks from the receipt of that complaint and inform the complainant of that transmission. The determination of admissibility of a complaint by the supervisory authority with which that complaint has been lodged shall be binding on the lead supervisory authority.
- 6.Within six weeks of the receipt of a complaint, the supervisory authority presumed to be competent to act as lead supervisory authority shall either confirm its competence or, where there are conflicting views on which of the other supervisory authorities concerned is competent for the main establishment, refer the subject matter to the European Data Protection Board (the ‘Board’) for dispute resolution under Article 65(1), point (b), of Regulation (EU) 2016/679. Where the supervisory authority presumed to be competent to act as lead supervisory authority does not confirm its competence or refer the subject matter to the Board within the time limit referred to in the first subparagraph, the supervisory authority with which the complaint has been lodged shall refer the subject matter to the Board for dispute resolution under Article 65(1), point (b), of Regulation (EU) 2016/679.
- 7.Without prejudice to its admissibility, the supervisory authority with which a complaint has been lodged or the lead supervisory authority may request the complainant to submit supplementary information in order to facilitate the handling of that complaint and enable its full investigation.
- 8.The lead supervisory authority shall inform the party under investigation of the lodging of a complaint and of its main elements without delay.