In essence, the main subjects are still the Controller and Processor, together with the Data Subject but a new figure appeared between Controller and Processor, the Data Protection Officer (see the specific category), as expert counselor on data protection issues.
Pursuant to art. 77 of the Regulation, any person who has suffered damage as a result of unlawful processing operations or of actions deemed incompatible with the Regulation, shall have the right to receive compensation from the Controller or the Processor for the damage suffered. Each Controller or Processor shall be jointly and severally liable for the entire amount of the damage.
Here we discuss about the relationship between subjects, their roles and consequences of their liability.