Skip to content

Recital 146 Indemnity

1The controller or processor should compensate any damage which a person may suffer as a result of processing that infringes this Regulation. 2The controller or processor should be exempt from liability if it proves that it is not in any way responsible for the damage. 3The concept of damage should be broadly interpreted in the light of the case-law of the Court of Justice in a manner which fully reflects the objectives of this Regulation. 4This is without prejudice to any claims for damage deriving from the violation of other rules in Union or Member State law. 5Processing that infringes this Regulation also includes processing that infringes delegated and implementing acts adopted in accordance with this Regulation and Member State law specifying rules of this Regulation. 6Data subjects should receive full and effective compensation for the damage they have suffered. 7Where controllers or processors are involved in the same processing, each controller or processor should be held liable for the entire damage. 8However, where they are joined to the same judicial proceedings, in accordance with Member State law, compensation may be apportioned according to the responsibility of each controller or processor for the damage caused by the processing, provided that full and effective compensation of the data subject who suffered the damage is ensured. 9Any controller or processor which has paid full compensation may subsequently institute recourse proceedings against other controllers or processors involved in the same processing.