This chapter examines how the rights and responsibilities of the Data Controllers and Processors under General Data Protection Regulations (GDPR) can be enforced under the scheme of the regulation. There are four ways to enforce GDPR compliance: through "in‐house" modalities and mechanisms; by approaching the appropriate Supervisory Authority (SA); by going to court; and by having an Alternate Dispute Resolution (ADR) mechanism in place. If the in‐house mechanisms for resolving disputes fail, the next option open to data subjects would be approaching the SA. It is evident that any GDPR complaint or suit can be filed by the data subject directly or through a legal representative/attorney to represent their rights before the SA/court. Two scenarios for exercising judicial remedies against the SA are for appeal and delay. GDPR nowhere prohibits or allows a forum selection clause, leaving a vacuum in answering the issues.