Expert Advice Community

Guest

Data Breach Register

  Quote
Guest
Guest user Created:   Apr 13, 2018 Last commented:   Apr 13, 2018

Data Breach Register

Where does the limit go for reporting to the authority about a data breach. For example if a document containing personal data is found opened in the office, but it is an internal matter, are we obligated to report this to the authority or can we just keep a log internally. Is there any defined limit for this matter?
0 0

Assign topic to the user

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Apr 13, 2018

Answer:

EU GDPR requires controllers to report personal data breaches “ without undue delay and, where feasible, not later than 72 hours after having become aware of it” to the Supervisory Authority if the breach is likely to result in a risk to the rights and freedoms of natural persons (Article 33 - Notification of a personal data breach to the supervisory authority https://advisera.com/eugdpracademy/gdpr/notification-of-a-personal-data-breach-to-the-supervisory-authority/
However if a breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay (Article 34 - Communication of a personal data breach to the data subject https://advisera.com/eugdpracademy/gdpr/communication-of-a-personal-data-breach-to-the-data-subject/
Controllers are not required to notify the data breach if the data breach is unlikely to result in a risk to the rights and freedoms of the data subjects.

So, is the controller that needs to assess the severity of the data breach and decide which action to take.

To find out more about how to asses the severity of personal data breaches you can consult our whitepaper “Assessing the severity of personal data breaches according to GDPR” https://info.advisera.com/eugdpracademy/free-download/assessing-the-severity-of-personal-data-breaches-according-to-gdpr

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 13, 2018

Apr 13, 2018

Suggested Topics

Guest user Created:   Jul 28, 2018 EU GDPR
Replies: 1
0 0

Email addresses and data breaches

Guest user Created:   Nov 05, 2021 EU GDPR
Replies: 1
0 0

Questions for DPIA

Guest user Created:   Jul 09, 2019 EU GDPR
Replies: 1
0 0

GDPR Data Consent and Storage