Execution deadline in working days
Learn more
Any person
Learn more
Receiving restrictions

Get a service

Possibility for controllers to notify a breach of personal data protection.

Process description

  1. Submission of a personal data breach statement within 72 hours
    In the event of a breach of personal data protection, a security violation which results in the accidental or illegal destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed, the controller shall notify the State Data Inspectorate of the breach of personal data protection within 72 hours from the moment the breach became known to the controller. Notification to be submitted by completing the… form

    In the communication:
    • describe the nature of the breach of personal data protection, including, where possible, the categories and estimated number of data subjects concerned and the categories and approximate number of personal data records concerned;
    • indicate the name and contact details of the data protection specialist or any other contact point where additional information can be obtained;
    • describe the potential consequences of a personal data breach;
    • describe actions or measures taken or proposed by the controller to prevent a personal data breach, including, where appropriate, measures to mitigate its potential adverse effects.

    If the notification to the State Data Inspectorate has not taken place within 72 hours, an explanation of the reasons for the delay shall be attached to the notification of the infringement.
    The notification of the infringement shall be submitted to the State Data Inspectorate.

Get a service