Home » Schengen Area » Protection of the rights of individuals

Protection of the rights of individuals

The control on the protection of the rights of individuals related to the processing of their personal data and to receiving access to such data shall be exercised by the Commission for Personal Data protection upon observance the terms and conditions set out in the Law on the Personal data Protection. With respect to data protection, provided according to the provisions of Section VІ of CISA, the general provisions concerning the personal data protection are implemented in the Republic of Bulgaria, regulated by the Law on Personal Data Protection and the Ministry of Interior Act.
In case of infringement of his/her rights under LPDP, any individual shall be entitled to have protection and may implement it both through administrative channels and by order of the court. In the first case the individual may approach CPDP, whereas in the second case he/she may appeal against the actions and acts of the data controller before the relevant administrative court or the Supreme Administrative Court in compliance with the general jurisdiction rules.
 
1.THROUGH ADMINISTRATIVE CHANNELS
CPDP examines petition submitted by individuals against personal data controllers with respect to infringed rights under LPDP. The terms and conditions are stipulated in the provisions of art.38 of LPDP. In case of infringement of their rights under this law, any individual shall be entitled to approach the Commission for Personal Data Protection within one year from finding out such infringement, but not later than five years from committing the infringement. The Commission shall pronounce a decision within 30 days after it has been approached and may issue compulsory instructions, set a time limit to abate the infringement or impose an administrative penalty. The Commission for Personal Data Protection shall also send a copy of the decision to the individual, the decision shall be subject to appeal before the Supreme Administrative Court (SAC) within 14 days of its receipt.
SAC executes judicial control on the particular administrative regulations of KPDP upon observing the terms and on the order of the Administrative Proceedings Code (APC). SAC may announce a decision which shall confirm or repeal the decision of the Commission. This court decision shall be final and shall be enforced both with the individual and the data controller.
Besides on the initiative of the individual, CPDP may ascertain the infringement of certain rights in the course of implementing its activity. In this case the envisaged by the law procedures shall be undertaken in order to protect the infringed rights, including notifying the concerned person.
 
2. BY ORDER OF THE COURT
Art.39 of LPDP provides that in case of infringement of their rights under this law, any individual shall be entitled to appeal against actions and acts of the data controller before the relevant administrative court or the Supreme Administrative Court in compliance with the general jurisdiction rules. In this proceeding the individual may claim compensation for any suffered damages as a result of unlawful processing of personal data by the data controller.
Non-submitting a petition to CPDP shall not impede the court appeal, however the individual shall not be entitled to approach the court, in case he/she has suspended proceedings before KPDP for the same infringement or in case the same infringement has been appealed and there is no enforced court judgment.

Commission for Personal Data Protection, Sofia, 2 Prof. Tsvetan Lazarov Blvd.