EU GDPR Readiness Assessment - Supervisory Authority

Guest user Created:   May 27, 2020 Last commented:   May 27, 2020

1. In Q23, of EU GDPR Readiness Assessment
23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?
Who would the "Supervisory Authority" be? If in the US, who? If in the EU who?

2. Basically, who is to be notified within 72 hours of a confirmed data breach? 

Expert
Alessandra Nisticò May 27, 2020

"On Q23, of EU GDPR Readiness Assessment

23) Is a process in place to ensure the appropriate supervisory authority is notified within 72 hours of a confirmed data breach?

Who would the "Supervisory Authority" be? If in US, who? If in EU who?"

The Supervisory Authority is your own country's Data Protection Authority, as established in Article 51 GDPR.

You can find the full list of Data Protection Authorities in the following link.

If you are based in the US, you may have a representative in the EU and therefore you will notify the Data Protection Authority of the country where your EU representative under article 27 GDPR is located.

If you do not have an EU representative (i.e. your data processing is occasional), and you are based in the US, you should, in any case, follow the Federal Trade Commission’s guidelines on data breach: https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business

Useful resources for complying with EU GDPR: https://advisera.com/eugdpracademy/knowledgebase/useful-links/

 

"Basically, who is to be notified within 72 hours of confirmed data breach?"

According to Article 33 GDPR, the data controller must notify the data breach to its own country's data protection authority without undue delay and within 72 hours. If there is a risk to the freedom and rights of data subjects, it may be requested to notify the data breach to data subjects in order to allow them to take precautions. Paragraph 86 of the Preamble of GDPR states that such notification shall be made without undue delay within 72 hours or in accordance with the Supervisory Authority's instructions.

Here you can find some useful resources about Data protection Authorities:

You may also consider enrolling in this online EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
