The classic trap
Article 19 is the forgotten obligation among data subject rights. When an organisation rectifies, erases or restricts data following a request, it handles the initial request but forgets to propagate the action downstream, to every recipient to whom the data had been disclosed. The CNPD and the CNIL sanction precisely this missing link: the corrected data on your side stays wrong or deleted at your processors, partners and recipients. Abusive reliance on the disproportionate effort exception, without any concrete demonstration, is an aggravating factor regularly noted during audits.
The practical traps in downstream propagation
- You handle the erasure request (Article 17) but the data survives in the partner CRM, the marketing tool and the analytics platform where it had been exported.
- You invoke disproportionate effort without recording any reasoning: the exception becomes indefensible before the authority.
- You keep no register of the recipients to whom each data element was disclosed, so you cannot notify, nor even answer when the data subject asks for the list.
- You confuse Article 19 (notification to recipients) with Article 15 (right of access): the data subject can demand the list of actual recipients, not just categories.
- Rectification (Article 16) is propagated, but restriction of processing (Article 18) never is, for lack of a technical freezing mechanism.
The 'disproportionate effort' test before the CNPD
The exception is not a blank cheque. To raise it validly, you must document the number of recipients, the absence of an automated notification channel, the real cost and the demonstrable effort. Without this traceability, the authority considers that you simply failed to perform the obligation.
How Luxgap automates this risk
Our Luxgap Downstream Sync Tracker makes the Article 19 blind spot impossible: as soon as a rectification, erasure or restriction is validated, the tool triggers and traces propagation to every actual recipient of the data. It continuously maps outbound flows by cross-referencing your M365, Salesforce and Odoo connectors, your API webhooks and your analytics exports, to reconstruct the exact list of recipients to notify, without the DPO having to guess it.
- Automatically detects each actual recipient to whom data was disclosed, by analysing outbound flows in Salesforce, Odoo, M365 and your export pipelines.
- Triggers the notification of rectification, erasure or restriction to each recipient as soon as an Article 16, 17 or 18 right is executed.
- Generates and qualifies the disproportionate effort test with documented reasoning (number of recipients, available channels, estimated cost), enforceable during an audit.
- Builds the recipient list ready to provide to the data subject when they request it, in line with the final sentence of Article 19.
- Tracks restriction of processing (Article 18) through to the effective freeze at each recipient, and alerts on propagation breaks.
- Produces a timestamped PDF report enforceable before the CNPD, demonstrating that each request was propagated downstream and Article 5(2) accountability.
Available as a complement to a Luxgap DPO mandate or as a dedicated SaaS module depending on your scope. Request a personalised quote and our teams will prepare a demonstration on your real flows, with a free scan within 48h to measure your exposure before any commitment.