<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#"> <head> <meta charset="utf-8" /> <meta name="description" content="From 12 December 2018, under Regulation (EU) 1725/2018 all European institutions and bodies have a duty to report certain types of personal data breaches to the EDPS. Every EU institution must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to pose a ..." /> <link rel="canonical" href="https://www.edps.europa.eu/data-protection/our-role-supervisor/personal-data-breach_en" /> <meta name="robots" content="index, follow" /> <meta property="og:site_name" content="European Data Protection Supervisor" /> <meta property="og:url" content="https://www.edps.europa.eu/data-protection/our-role-supervisor/personal-data-breach_en" /> <meta property="og:title" content="Personal Data Breach" /> <meta property="og:description" content="From 12 December 2018, under Regulation (EU) 1725/2018 all European institutions and bodies have a duty to report certain types of personal data breaches to the EDPS. Every EU institution must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to pose a ..." /> <meta property="og:image" content="https://www.edps.europa.eu/themes/custom/edpsweb_theme/og_image.png" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <link rel="icon" href="/themes/custom/edpsweb_theme/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="alternate" hreflang="de" href="https://www.edps.europa.eu/protection-des-donnees/notre-role-en-tant-que-controleur/violation-de-donnees-caractere-personnel_de" /> <link rel="alternate" hreflang="en" href="https://www.edps.europa.eu/data-protection/our-role-supervisor/personal-data-breach_en" /> <link rel="alternate" hreflang="fr" href="https://www.edps.europa.eu/protection-des-donnees/notre-role-en-tant-que-controleur/violation-de-donnees-caractere-personnel_fr" /> <title>Personal Data Breach | European Data Protection Supervisor</title> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/align.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/fieldgroup.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/container-inline.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/clearfix.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/details.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/hidden.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/item-list.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/js.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/nowrap.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/position-container.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/reset-appearance.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/resize.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-counter.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-report-counters.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-report-general-info.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/tablesort.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/modules/custom/edps_cookies/css/cookies-popup.css?snk5ny" /> <link rel="stylesheet" media="all" href="/core/modules/views/css/views.module.css?snk5ny" /> <link rel="stylesheet" media="all" href="/themes/contrib/bootstrap_barrio/css/components/node.css?snk5ny" /> <link rel="stylesheet" media="all" href="/themes/custom/edpsweb_theme/build/css/edpsweb_theme.min.css?snk5ny" /> <link rel="stylesheet" media="all" href="/themes/contrib/bootstrap_barrio/css/components/breadcrumb.css?snk5ny" /> <link rel="me" href="https://social.network.europa.eu/@EDPS"> </head> <body class="layout-one-sidebar layout-sidebar-second page-node-5046 path-node node--type-edpsweb-page"> <a href="#main-content" class="visually-hidden focusable skip-link"> Skip to main content </a> <script type="application/json">{"utility":"globan","theme":"light","logo":true,"link":true,"mode":false}</script> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <div id="page-wrapper"> <div id="page"> <header id="header" class="header" role="banner" aria-label="Site header"> <nav class="navbar navbar-light bg-white" id="navbar-top"> <div class="container"> <div class="top-headers"> <section class="region region-top-header"> <div class="system-branding"> <a href="/_en" title="Home" rel="home" class="navbar-brand"> <img src="/themes/custom/edpsweb_theme/logo.svg" alt="Home" class="img-fluid" /> </a> <div class="site-infos"> <div class="site-name">European Data Protection Supervisor</div> <div class="site-slogan"></div> </div> </div> </section> <section class="region region-top-header-right"> <div class="language-switcher-oe-multilingual-url-suffix-negotiation-method block block-language block-language-blocklanguage-interface" id="block-edpsweb-theme-language-switcher" role="navigation"> <div class="content"> <div class="links dropdown"><button class="btn btn-link dropdown-toggle" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> English (en) </button><ul class="dropdown-menu"><li class="dropdown-item"> <a href="/protection-des-donnees/notre-role-en-tant-que-controleur/violation-de-donnees-caractere-personnel_de" class="language-link" hreflang="de" data-drupal-link-system-path="node/5046">Deutsch (de)</a> </li><li class="dropdown-item"> <a href="/protection-des-donnees/notre-role-en-tant-que-controleur/violation-de-donnees-caractere-personnel_fr" class="language-link" hreflang="fr" data-drupal-link-system-path="node/5046">français (fr)</a> </li></ul> </div> </div> </div> <div> <ul class="social-links"> <li> <a href="https://twitter.com/EU_EDPS" class="social-link social-link-x" title="EDPS on X" rel="noopener" target="_blank"> <span class="sr-only">X</span> </a> </li> <li> <a href="https://social.network.europa.eu/@EDPS" class="social-link social-link-mastodon" title="EDPS on EU Voice" rel="noopener" target="_blank"> <span class="sr-only">EU Voice</span> </a> </li> <li> <a href="https://www.linkedin.com/company/edps" class="social-link social-link-linkedin" title="EDPS on Linkedin" rel="noopener" target="_blank"> <span class="sr-only">LinkedIn</span> </a> </li> <li> <a href="https://www.instagram.com/eu_edps" class="social-link social-link-instagram" title="EDPS on Instagram" rel="noopener" target="_blank"> <span class="sr-only">Instagram</span> </a> </li> <li> <a href="https://open.spotify.com/show/2JlsePIpCNTQfTGTDGhUyd" class="social-link social-link-spotify" title="EDPS Podcasts on Spotify" rel="noopener" target="_blank"> <span class="sr-only">Spotify</span> </a> </li> <li> <a href="https://www.youtube.com/user/EDPS2011" class="social-link social-link-youtube" title="EDPS on YouTube" rel="noopener" target="_blank"> <span class="sr-only">YouTube</span> </a> </li> <li> <a class="social-link social-link-peertube" href="https://tube.network.europa.eu/a/edps/video-channels" title="EDPS on EU Video" rel="noopener" target="_blank"> <span class="sr-only">EU Video</span> </a> </li> <li> <a href="/feed/news_en" class="social-link social-link-rss" title="EDPS RSS Feed" target="_blank"> <span class="sr-only">RSS Feed</span> </a> </li> </ul> <a class="dpn-header" href="/about-edps/data-protection-edps_en" title="Data Protection Notice">Data Protection Notice</a> </div> </section> </div> </div> </nav> <nav class="navbar navbar-dark bg-primary navbar-expand-md" id="navbar-main"> <div class="container"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsing-navbar" aria-controls="collapsing-navbar" aria-expanded="false" aria-label="Toggle navigation"> <i class="fas fa-bars"></i> </button> <span class="navbar-mobile-title">European Data Protection Supervisor</span> <div class="collapse navbar-collapse" id="collapsing-navbar"> <div class="navbar-collapse-content"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsing-navbar" aria-controls="collapsing-navbar" aria-expanded="false" aria-label="Toggle navigation"> <i class="fas fa-times"></i> </button> <nav role="navigation" aria-labelledby="block-edpsweb-theme-main-navigation-menu" id="block-edpsweb-theme-main-navigation" class="block block-menu navigation menu--main"> <h2 class="sr-only" id="block-edpsweb-theme-main-navigation-menu">Main navigation</h2> <ul id="block-edpsweb-theme-main-navigation" block="block-edpsweb-theme-main-navigation" class="clearfix nav navbar-nav"> <li class="nav-item"> <a href="/_en" class="nav-link" data-drupal-link-system-path="&lt;front&gt;">Home</a> </li> <li class="nav-item menu-item--expanded dropdown"> <a href="/about-edps_en" class="nav-link" data-toggle="dropdown" aria-expanded="false" aria-haspopup="true" data-drupal-link-system-path="node/4">About</a> <ul class="dropdown-menu"> <a href="#" class="dropdown-menu-close"> <i class="fas fa-arrow-circle-left"></i> </a> <li class="dropdown-item menu-item--expanded"> <a href="/about/supervisor_en" data-drupal-link-system-path="node/8">The Supervisor</a> <ul> <li class="dropdown-item"> <a href="/about-edps/members-mission/supervisors/wojciech-wiewi%C3%B3rowski_en" data-display-title="1" data-hide-children="0" data-remove-class="0" data-drupal-link-system-path="node/3951">Wojciech Wiewiórowski</a> </li> <li class="dropdown-item"> <a href="/about/supervisor/secretary-general_en" data-drupal-link-system-path="node/12116">The Secretary-General</a> </li> <li class="dropdown-item"> <a href="/about-edps/members-mission/agenda_en" data-drupal-link-system-path="about-edps/members-mission/agenda">Agenda</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/about-edps/edps-secretariat_en" data-drupal-link-system-path="node/3930">The Office of the EDPS</a> <ul> <li class="dropdown-item"> <a href="/about/office-edps/edps-rules-procedure_en" data-drupal-link-system-path="node/10361">EDPS Rules of Procedure</a> </li> <li class="dropdown-item menu-item--expanded"> <a href="/careers_en" data-drupal-link-system-path="node/19">Careers</a> </li> <li class="dropdown-item"> <a href="/about-edps/public-procurement_en" data-drupal-link-system-path="node/5436">Public procurement</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/about-edps/data-protection-edps_en" data-drupal-link-system-path="node/20">Data Protection within the EDPS</a> <ul> <li class="dropdown-item"> <a href="/about/data-protection-within-edps/data-protection-officer-edps_en" data-drupal-link-system-path="node/4004">The DPO at the EDPS</a> </li> <li class="dropdown-item"> <a href="/about/data-protection-within-edps/records-register_en" data-drupal-link-system-path="node/5005">Records Register</a> </li> <li class="dropdown-item"> <a href="/about-edps/legal-notices_en" data-display-title="1" data-hide-children="0" data-remove-class="0" data-drupal-link-system-path="node/21">Cookies</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/about/about-us_en" data-drupal-link-system-path="node/6221">About Us</a> <ul> <li class="dropdown-item"> <a href="/about-edps/legal-notices/copyright_en" data-drupal-link-system-path="node/25">Copyright</a> </li> <li class="dropdown-item menu-item--expanded"> <a href="/about-edps/contact_en" data-drupal-link-system-path="node/11">Contact Us</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/about/transparency-and-access-documents_en" data-drupal-link-system-path="node/8331">Transparency and Access to Documents</a> <ul> <li class="dropdown-item"> <a href="/about/transparency/public-access-documents-register_en" data-drupal-link-system-path="node/7761">Public Access to Documents Register</a> </li> </ul> </li> </ul> </li> <li class="nav-item menu-item--expanded active dropdown"> <a href="/data-protection_en" class="nav-link active" data-toggle="dropdown" aria-expanded="false" aria-haspopup="true" data-drupal-link-system-path="node/5">Data Protection</a> <ul class="dropdown-menu"> <a href="#" class="dropdown-menu-close"> <i class="fas fa-arrow-circle-left"></i> </a> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/data-protection_en" data-drupal-link-system-path="node/26">Data Protection</a> <ul> <li class="dropdown-item"> <a href="/data-protection/data-protection/legislation_en" data-drupal-link-system-path="node/27">Legislation</a> </li> <li class="dropdown-item"> <a href="/data-protection/data-protection/legislation/history-general-data-protection-regulation_en" data-drupal-link-system-path="node/2866">The History of the GDPR</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/data-protection/data-protection/reference-library_en" data-drupal-link-system-path="node/29">Reference Library</a> </li> <li class="dropdown-item"> <a href="/data-protection/data-protection/case-law-and-guidance_en" data-drupal-link-system-path="node/30">Court Cases</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/data-protection/data-protection/glossary_en" data-drupal-link-system-path="node/3094">Glossary</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded active"> <a href="/data-protection/our-role-supervisor_en" class="active" data-drupal-link-system-path="node/31">Our role as a supervisor</a> <ul> <li class="dropdown-item"> <a href="https://www.edps.europa.eu/data-protection/our-work/our-work-by-type/audits_en">Audits</a> </li> <li class="dropdown-item"> <a href="/data-protection/our-role-supervisor/complaints_en" data-drupal-link-system-path="node/905">Complaints</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/investigations_en">Investigations</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/opinions-prior-check-and-prior-consultations_en">Prior Consultations</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/supervisory-opinions_en">Supervisory Opinions</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/authorisation-decisions-transfers_en">International Transfers</a> </li> <li class="dropdown-item active"> <a href="/data-protection/our-role-supervisor/personal-data-breach_en" class="active is-active" data-drupal-link-system-path="node/5046" aria-current="page">Personal Data Breach</a> </li> <li class="dropdown-item"> <a href="/data-protection/our-role-supervisor/use-edps-powers_en" data-drupal-link-system-path="node/6202">Use of EDPS Powers</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/our-role-advisor_en" data-drupal-link-system-path="node/35">Our role as an advisor</a> <ul> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/opinions_en">Opinions</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/formal-comments_en">Formal Comments</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/joint-opinions_en">Joint Opinions</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/technology-monitoring_en" data-drupal-link-system-path="node/45">Technology Monitoring</a> <ul> <li class="dropdown-item"> <a href="/data-protection/our-work/our-work-by-type/techdispatch_en" data-drupal-link-system-path="taxonomy/term/345">TechDispatch</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/data-protection/technology-monitoring/techsonar_en" data-drupal-link-system-path="node/7590">TechSonar</a> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/ipen-internet-privacy-engineering-network_en" data-display-title="1" data-hide-children="0" data-remove-class="0" data-drupal-link-system-path="node/47">IPEN</a> </li> <li class="dropdown-item"> <a href="/data-protection/technology-monitoring/data-protection-and-privacy-tools_en" data-drupal-link-system-path="node/13034">Data Protection and Privacy Tools</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/our-work_en" data-drupal-link-system-path="node/42">Our work</a> <ul> <li class="dropdown-item"> <a href="/data-protection/our-work/international-cooperation_en" data-drupal-link-system-path="node/44">International Cooperation</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/data-protection/our-work/cooperation-eu-dpas_en" data-drupal-link-system-path="node/13115">Cooperation with EU DPAs</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/eu-institutions-dpo_en" data-drupal-link-system-path="node/50">DPOs</a> <ul> <li class="dropdown-item"> <a href="/data-protection/eu-institutions-dpo/network-dpos_en" data-drupal-link-system-path="node/53">DPO network list</a> </li> <li class="dropdown-item"> <a href="/data-protection/eu-institutions-dpo/reports_en" data-drupal-link-system-path="node/55">Survey reports</a> </li> <li class="dropdown-item"> <a href="/data-protection/dpos/edps-dpos-meetings_en" data-drupal-link-system-path="node/3208">EDPS-DPOs meetings</a> </li> </ul> </li> <li class="dropdown-item"> <a href="/data-protection/supervision-coordination_en" data-drupal-link-system-path="node/37">Supervision Coordination</a> </li> <li class="dropdown-item"> <a href="/data-protection/links_en" data-display-title="1" data-hide-children="0" data-remove-class="0" data-drupal-link-system-path="node/56">Links</a> </li> <li class="dropdown-item menu-item--expanded"> <a href="/data-protection/search-publications_en" data-drupal-link-system-path="node/3035">Search by:</a> <ul> <li class="dropdown-item"> <a href="/data-protection/our-work/our-work-by-type_en" data-drupal-link-system-path="data-protection/our-work/our-work-by-type">Document</a> </li> <li class="dropdown-item"> <a href="/data-protection/our-work/subjects_en" data-drupal-link-system-path="data-protection/our-work/subjects">Topic</a> </li> </ul> </li> </ul> </li> <li class="nav-item menu-item--expanded dropdown"> <a href="/artificial-intelligence_en" class="nav-link" data-toggle="dropdown" aria-expanded="false" aria-haspopup="true" data-drupal-link-system-path="node/13612">Artificial Intelligence</a> <ul class="dropdown-menu"> <a href="#" class="dropdown-menu-close"> <i class="fas fa-arrow-circle-left"></i> </a> <li class="dropdown-item"> <a href="/artificial-intelligence/artificial-intelligence-act_en" data-drupal-link-system-path="node/13613">Artificial Intelligence Act</a> </li> <li class="dropdown-item"> <a href="https://www.edps.europa.eu/data-protection/our-work/subjects/artificial-intelligence_en">Our work on AI</a> </li> </ul> </li> <li class="nav-item menu-item--expanded dropdown"> <a href="/press-publications_en" class="nav-link" data-toggle="dropdown" aria-expanded="false" aria-haspopup="true" data-drupal-link-system-path="node/6">Press &amp; Publications</a> <ul class="dropdown-menu"> <a href="#" class="dropdown-menu-close"> <i class="fas fa-arrow-circle-left"></i> </a> <li class="dropdown-item menu-item--expanded"> <a href="/press-publications/press-news_en" data-drupal-link-system-path="node/62">Press &amp; News</a> <ul> <li class="dropdown-item"> <a href="/press-publications/press-news/news_en" data-drupal-link-system-path="press-publications/press-news/news">News</a> </li> <li class="dropdown-item"> <a href="/press-publications/press-news/press-releases_en" data-drupal-link-system-path="press-publications/press-news/press-releases">EDPS Press Releases</a> </li> <li class="dropdown-item"> <a href="https://edpb.europa.eu/our-work-tools/our-documents/publication-type/press-releases_en">EDPB Press Releases</a> </li> <li class="dropdown-item"> <a href="/press-publications/press-news/blog_en" data-display-title="1" data-hide-children="0" data-remove-class="0" data-drupal-link-system-path="press-publications/press-news/blog">Blog</a> </li> <li class="dropdown-item"> <a href="/press-publications/press-news/videos_en" data-drupal-link-system-path="press-publications/press-news/videos">Videos</a> </li> <li class="dropdown-item"> <a href="/press-publications/press-news/pictures_en" data-drupal-link-system-path="press-publications/press-news/pictures">Pictures</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/press-publications/press-news/press-kit_en" data-drupal-link-system-path="node/63">Press Kit</a> </li> <li class="dropdown-item"> <a href="/data-protection/our-work/publications/brochures/edps-brochure-shaping-safer-digital-future_en" data-drupal-link-system-path="node/6193">EDPS Brochure: Shaping a Safer Digital Future</a> </li> <li class="dropdown-item"> <a href="/frequently-asked-questions_en" data-drupal-link-system-path="node/5973">Frequently Asked Questions</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/press-publications/publications_en" data-drupal-link-system-path="node/65">Publications</a> <ul> <li class="dropdown-item menu-item--collapsed"> <a href="/press-publications/publications/strategy_en" data-drupal-link-system-path="node/3902">Strategy</a> </li> <li class="dropdown-item"> <a href="/annual-reports_en" data-drupal-link-system-path="node/76">Annual Reports</a> </li> <li class="dropdown-item"> <a href="/press-publications/publications/speeches-articles_en" data-drupal-link-system-path="node/503">Speeches &amp; Articles</a> </li> <li class="dropdown-item"> <a href="/press-publications/publications/annual-activity-reports_en" data-drupal-link-system-path="node/77">Annual Activity Reports</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/data-protection/our-work/our-work-by-type/brochures_en">Brochures</a> </li> <li class="dropdown-item"> <a href="/press-publications/publications/factsheets_en" data-drupal-link-system-path="node/3901">Factsheets</a> </li> <li class="dropdown-item menu-item--collapsed"> <a href="/press-publications/publications/newsletters_en" data-drupal-link-system-path="node/4231">Newsletters</a> </li> <li class="dropdown-item"> <a href="https://edps.europa.eu/press-publications/publications/podcasts_en">Podcasts</a> </li> </ul> </li> <li class="dropdown-item menu-item--expanded"> <a href="/press-publications/events_en" data-drupal-link-system-path="node/3288">Events</a> <ul> <li class="dropdown-item"> <a href="/european-conferences_en" data-drupal-link-system-path="node/4142">European Conferences</a> </li> <li class="dropdown-item"> <a href="/press-publications/events/international-conferences_en" data-drupal-link-system-path="node/4143">International Conferences</a> </li> </ul> </li> <li class="dropdown-item"> <a href="https://www.edps.europa.eu/data-protection/our-work/publications/book/2024-06-20-two-decades-personal-data-protection-whats-next_en">20th Anniversary Book</a> </li> <li class="dropdown-item"> <a href="/edps-inspection-software_en" data-drupal-link-system-path="node/5452">EDPS Inspection Software</a> </li> <li class="dropdown-item"> <a href="/comic-book_en" data-drupal-link-system-path="node/4938">Comic Book</a> </li> <li class="dropdown-item"> <a href="/press-publications/edps-support-independent-research-projects_en" data-drupal-link-system-path="node/13141">EDPS support to independent research projects</a> </li> </ul> </li> </ul> </nav> <div class="form-inline navbar-form"> <form id="navbar-search-form" action="/search_en" method="get" accept-charset="UTF-8"> <div class="form-row"> <input placeholder="Search" type="text" name="search" size="30" maxlength="128" class="form-text form-control"> <button type="submit" value="Apply" class="form-submit btn btn-primary"><i class="fas fa-search"></i></button> </div> </form> </div> </div> </div> </div> </nav> </header> <div id="block-breadcrumbs" class="block block-system block-system-breadcrumb-block"> <div class="content"> <nav role="navigation" aria-label="breadcrumb"> <div class="container"> <ol class="breadcrumb"> <li class="breadcrumb-item"> <a href="/_en"> <i class="fas fa-home"></i> </a> </li> <li class="breadcrumb-item"> <a href="/data-protection_en"> Data Protection </a> </li> <li class="breadcrumb-item"> <a href="/data-protection/our-role-supervisor_en"> Our role as a supervisor </a> </li> <li class="breadcrumb-item active"> Personal Data Breach </li> </ol> </div> </nav> </div> </div> <div id="main-wrapper" class="layout-main-wrapper clearfix"> <div id="main" class="container"> <div class="row row-offcanvas row-offcanvas-left clearfix"> <main class="main-content col" id="content" role="main"> <section class="section"> <a id="main-content" tabindex="-1"></a> <div data-drupal-messages-fallback class="hidden"></div><div id="block-pagetitle" class="block block-core block-page-title-block"> <a href="javascript:void();" onclick="window.print();" class="print-button" title="Print page">Print</a> <script type="application/json"> { "service": "etrans", "languages": { "exclude": ["en", "ru", "uk", "zh"] }, "renderAs": { "icon": true, "button": false, "link": true }, "include": "main h1.title, #block-edpsweb-theme-main-page-content, #block-edpsweb-documents-details-block, #block-views-block-edpsweb-public-access-to-docs-register-block-1, #block-edpsweb-timeline-block, #block-edpsweb-newsletter-block, #block-edpsweb-publication-display-block" } </script> <div class="content"> <h1 class="title"><span class="field field--name-title field--type-string field--label-hidden">Personal Data Breach</span> </h1> </div> </div> <div id="block-edpsweb-theme-main-page-content" class="block block-system block-system-main-block"> <div class="content"> <article class="node node--type-edpsweb-page node--view-mode-full clearfix"> <header> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>From 12 December 2018, under Regulation (EU) 1725/2018 all European institutions and bodies have a duty to report certain types of personal data breaches to the EDPS. Every EU institution must do this within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to pose a high risk of adversely affecting individuals’ rights and freedoms, the EU Institution must also inform the &nbsp;individuals concerned without unnecessary delay.</p> <p>EU Institutions must ensure that they have prevention and detection mechanisms in place for personal data breaches, as well as investigation and internal reporting procedures. They must also ensure that when they identify a personal data breach, they are able to respond effectively to mitigate the negative effects of the breach on the individuals whose data has been compromised. They must also keep a record of all personal data breaches, including all details about the breach, regardless of any notification obligation to the EDPS.</p> <h4>How should EU institutions and bodies respond to a personal data breach?</h4> <p>The EDPS has published <a href="https://edps.europa.eu/data-protection/our-work/publications/guidelines/guidelines-personal-data-breach-notification_en">Guidelines on personal data breach notification for the EU Institutions and Bodies. </a>These provide practical advice on how to comply with the Regulation. The guidelines outline the approach that you should take in order to adequately respond to a personal data breach. We advise you to carefully read these guidelines before notifying a personal data breach.</p> <h4>How to report a personal data breach to the EDPS</h4> <p>You can report a personal data breach either by filling in the online form or by downloading the form and sending it to the following email address:&nbsp; <a href="mailto:DATA-BREACH-NOTIFICATION@edps.europa.eu">DATA-BREACH-NOTIFICATION@edps.europa.eu</a>.</p> <p>All communication must be encrypted. Therefore, when sending an email about a personal data breach to the EDPS data breach notification email address, any attachments must be encrypted (zip) and the password shared with the EDPS by alternate means (by text message or telephone call). Please include a separate telephone number in your email which we can use to contact you for the password.</p> <ul> <li>If you want to report a personal data breach via <a href="/form/personal-data-breach-notificatio_en">our online web form</a>, please read the <a href="https://edps.europa.eu/data-protection/our-work/publications/forms/data-breach-webform-user-guide_en">user guide</a>.</li> <li>If you want to download a the form please click <a href="https://www.edps.europa.eu/system/files/2024-11/data_breach_downloadform_en.docx">here</a>.</li> </ul> <p>If for any reason your initial notification was incomplete, you should submit further information when it becomes available. In this case, please submit a new notification form indicating the Case Reference number provided by the EDPS.</p> <p>If you send updated notifications to the functional mailbox, please include the following information in the subject line of the email: [Updated Breach Notification] [EU institution/body Name] [Case Reference number]</p> <p><a href="https://edps.europa.eu/data-protection/our-work/publications/data-protection-notices-records/2022-02-23-data-protection-notice-data-breach-web-form_en">Data Protection Notice</a></p> <p>Specific rules apply to the management of data breaches on operational personal data at Europol in accordance with Articles 34 and 35 of <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0794">Regulation 2016/794</a>.</p> <h4>EDPS-ENISA Conference: Towards accessing the risk in personal data breaches</h4> <p>The European Data Protection Supervisor and ENISA organised a conference in Brussels on 4th of April 2019 about personal data breach notification.</p> <p>The conference aims to address the aspect of assessing the risk of personal data breaches under the General Data Protection Regulation (GDPR) - (EU) 2016/679 and the Regulation (EU) 1725/2018 for the processing of personal data by EU Institutions and bodies.&nbsp;</p> <p>For more information please follow this <a href="https://www.enisa.europa.eu/events/edps-enisa-conference/edps-enisa-conference-towards-accessing-the-risk-in-personal-data-breaches">link</a>.</p> </div> </div> </article> </div> </div> </section> </main> <div class="sidebar_second sidebar col-md-4 order-last" id="sidebar_second"> <aside class="section" role="complementary"> <div class="views-element-container block block-views block-views-blockedpsweb-news-block-edpsweb-news-side card" id="block-edpsweb-news-side"> <div class="card-header"> <div class="float-right"> <a class="btn btn-sm btn-blue" href="/press-publications/press-news/news_en" title="+ View more news">&nbsp;+&nbsp;<span class="d-none d-lg-inline">View more news</span></a> </div> <h2>News</h2> </div> <div class="card-body"> <div class="content"> <div><div class="view view-edpsweb-news view-id-edpsweb_news view-display-id-block_edpsweb_news_side js-view-dom-id-059b86e42d426b36b25adcb811819dd8787a2f94f1162e21299bd00a94d3876d"> <div class="view-content"> <div class="views-row"> <article class="node node--type-edpsweb-news node--promoted clearfix"> <a id="news_13896"></a> <header> </header> <div class="node__content clearfix"> <h3 class="node__title"> <a href="https://20years.edps.europa.eu/en/talks/eliska-pirkova" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Introducing a new interview with Eliška Pírková</span> </a> </h3> <div class="field field--name-field-edpsweb-date field--type-datetime field--label-hidden field__item"><time datetime="2024-12-02T12:00:00Z" class="datetime">2 December 2024</time> </div> <div class="clearfix text-formatted field field--name-field-edpsweb-news-intro field--type-text-long field--label-hidden field__item"><p>Eliška is a legal expert and digital rights advocate known for her work in internet governance and online freedom of expression. Together we discuss freedom of expression, democracy, privacy and digital rights in the context of a "super election year".</p> </div> <div class="field field--name-field-edpsweb-news-link field--type-link field--label-hidden field__item"><a href="https://20years.edps.europa.eu/en/talks/eliska-pirkova">Watch it</a></div> </div> </article> </div> <div class="views-row"> <article class="node node--type-edpsweb-news node--promoted clearfix"> <a id="news_13895"></a> <header> </header> <div class="node__content clearfix"> <h3 class="node__title"> <a href="https://www.edps.europa.eu/press-publications/press-news/videos/mini-video-series-oral-history-data-protection-towards-convention-108_en" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">Episode of mini video series is out!</span> </a> </h3> <div class="field field--name-field-edpsweb-date field--type-datetime field--label-hidden field__item"><time datetime="2024-11-29T12:00:00Z" class="datetime">29 November 2024</time> </div> <div class="clearfix text-formatted field field--name-field-edpsweb-news-intro field--type-text-long field--label-hidden field__item"><p>Join us as we speak with leading experts who witnessed the evolution of data protection globally first-hand. The second episode features&nbsp;Peter Hustinx and focuses on the work that led to the Council of Europe’s Convention 108.&nbsp;</p> </div> <div class="field field--name-field-edpsweb-news-link field--type-link field--label-hidden field__item"><a href="https://www.edps.europa.eu/press-publications/press-news/videos/mini-video-series-oral-history-data-protection-towards-convention-108_en">Watch it here</a></div> </div> </article> </div> <div class="views-row"> <article class="node node--type-edpsweb-news node--promoted clearfix"> <a id="news_13887"></a> <header> </header> <div class="node__content clearfix"> <h3 class="node__title"> <a href="https://20years.edps.europa.eu/en/talks/segolene-martin" rel="bookmark"><span class="field field--name-title field--type-string field--label-hidden">20 Talks with Ségolène Martin from Kantify</span> </a> </h3> <div class="field field--name-field-edpsweb-date field--type-datetime field--label-hidden field__item"><time datetime="2024-11-28T12:00:00Z" class="datetime">28 November 2024</time> </div> <div class="clearfix text-formatted field field--name-field-edpsweb-news-intro field--type-text-long field--label-hidden field__item"><p>In this episode, we welcome Mrs Ségolène Martin. Mrs Martin is a cofounder of Kantify and a pioneer in AI-driven health solutions. Dive deep with us to explore how Artificial Intelligence improves drug discovery in healthcare.&nbsp;</p> </div> <div class="field field--name-field-edpsweb-news-link field--type-link field--label-hidden field__item"><a href="https://20years.edps.europa.eu/en/talks/segolene-martin">Watch it here</a></div> </div> </article> </div> </div> </div> </div> </div> </div> </div> <div id="block-edpsweb-agenda-sidebar" class="block block-edps-agenda card"> <div class="card-header"> <div class="float-right"> <a class="btn btn-sm btn-blue" href="/about-edps/members-mission/agenda_en" title="+ View full agenda">&nbsp;+&nbsp;<span class="d-none d-lg-inline">View full agenda</span></a> </div> <h2>Agenda</h2> </div> <div class="card-body"> <div class="content"> <article class="node node--type-edpsweb-agenda node--promoted node--view-mode-teaser clearfix"> <a id="agenda_13886"></a> <header> <h3 class="node__title"> <time datetime="2024-12-03T12:00:00Z" class="datetime">3 December 2024</time> </h3> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>Participation by Wojciech Wiewiórowski in reception organised by the Committee on Civil Liberties, Justice and Home Affairs (LIBE), Brussels, Belgium</p> </div> </div> </article> <article class="node node--type-edpsweb-agenda node--promoted node--view-mode-teaser clearfix"> <a id="agenda_13885"></a> <header> <h3 class="node__title"> <time datetime="2024-12-02T12:00:00Z" class="datetime">2 December 2024</time> </h3> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>99th Plenary Session of the EDPB, Participation Wojciech Wiewiórowski, Brussels, Belgium</p> </div> </div> </article> <article class="node node--type-edpsweb-agenda node--promoted node--view-mode-teaser clearfix"> <a id="agenda_13884"></a> <header> <h3 class="node__title"> <time datetime="2024-11-28T12:00:00Z" class="datetime">28 November 2024</time> </h3> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>"Transversal data protection enforcement issues", Speech by Wojciech Wiewiórowski at University of Utrecht, Utrecht, The Netherlands</p> </div> </div> </article> <article class="node node--type-edpsweb-agenda node--promoted node--view-mode-teaser clearfix"> <a id="agenda_13883"></a> <header> <h3 class="node__title"> <time datetime="2024-11-27T12:00:00Z" class="datetime">27 November 2024</time> </h3> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>EDPS-DPO Meeting, Keynote speech by Leonardo Cervera Navas and Closing remarks by Wojciech Wiewiórowski, Luxembourg</p> </div> </div> </article> <article class="node node--type-edpsweb-agenda node--promoted node--view-mode-teaser clearfix"> <a id="agenda_13881"></a> <header> <h3 class="node__title"> <time datetime="2024-11-26T12:00:00Z" class="datetime">26 November 2024</time> </h3> </header> <div class="node__content clearfix"> <div class="clearfix text-formatted field field--name-field-edpsweb-body field--type-text-with-summary field--label-hidden field__item"><p>Wojciech Wiewiórowski gives lecture at ECPC Maastricht Advanced Masters in Privacy, Cybersecurity, and Data Protection at Fondation Universitaire Stichting, Brussels, Belgium</p> </div> </div> </article> </div> </div> </div> </aside> </div> </div> </div> </div> <footer class="site-footer"> <div class="container"> <section class="region region-footer"> <ul class="social-links"> <li> <a href="https://twitter.com/EU_EDPS" class="social-link social-link-x" title="EDPS on X" rel="noopener" target="_blank"> <span class="sr-only">X</span> </a> </li> <li> <a href="https://social.network.europa.eu/@EDPS" class="social-link social-link-mastodon" title="EDPS on EU Voice" rel="noopener" target="_blank"> <span class="sr-only">EU Voice</span> </a> </li> <li> <a href="https://www.linkedin.com/company/edps" class="social-link social-link-linkedin" title="EDPS on Linkedin" rel="noopener" target="_blank"> <span class="sr-only">LinkedIn</span> </a> </li> <li> <a href="https://www.instagram.com/eu_edps" class="social-link social-link-instagram" title="EDPS on Instagram" rel="noopener" target="_blank"> <span class="sr-only">Instagram</span> </a> </li> <li> <a href="https://open.spotify.com/show/2JlsePIpCNTQfTGTDGhUyd" class="social-link social-link-spotify" title="EDPS Podcasts on Spotify" rel="noopener" target="_blank"> <span class="sr-only">Spotify</span> </a> </li> <li> <a href="https://www.youtube.com/user/EDPS2011" class="social-link social-link-youtube" title="EDPS on YouTube" rel="noopener" target="_blank"> <span class="sr-only">YouTube</span> </a> </li> <li> <a class="social-link social-link-peertube" href="https://tube.network.europa.eu/a/edps/video-channels" title="EDPS on EU Video" rel="noopener" target="_blank"> <span class="sr-only">EU Video</span> </a> </li> <li> <a href="/feed/news_en" class="social-link social-link-rss" title="EDPS RSS Feed" target="_blank"> <span class="sr-only">RSS Feed</span> </a> </li> </ul> <nav role="navigation" aria-labelledby="block-footerlinks-menu" id="block-footerlinks" class="block block-menu navigation menu--menu-edpsweb-footer-links"> <h2 class="sr-only" id="block-footerlinks-menu">Footer Links</h2> <ul block="block-footerlinks" class="clearfix nav"> <li class="nav-item"> <a href="/about-edps/data-protection-edps_en" class="nav-link nav-link--about-edps-data-protection-edps-en" data-drupal-link-system-path="node/20">Data Protection Notice</a> </li> <li class="nav-item"> <a href="/about-edps/legal-notices_en" class="nav-link nav-link--about-edps-legal-notices-en" data-drupal-link-system-path="node/21">Cookies</a> </li> </ul> </nav> </section> </div> </footer> </div> </div> </div> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"","currentPath":"node\/5046","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"edp_cookies_popup":{"popupHtml":"\u003Cdiv id=\u0022edp-cookies-banner\u0022\u003E\n \u003Cdiv class=\u0022banner-text\u0022\u003E\n \u003Cp\u003EThis website uses necessary cookies to function.\u003Cbr\/\u003E\r\nIf you give us your consent, we will also use cookies, when you visit our website, which allow us to collect data for aggregated statistics to improve our services.\u003Cbr\/\u003E\r\nMore information on \u003Ca href=\u0022\/about-edps\/legal-notices_en\u0022 title=\u0022Cookies\u0022\u003Ecookies\u003C\/a\u003E and \u003Ca href=\u0022\/about-edps\/data-protection-edps_en\u0022 title=\u0022Data protection\u0022\u003Edata protection\u003C\/a\u003E.\u003C\/p\u003E\n \u003C\/div\u003E\n \u003Cdiv class=\u0022banner-buttons\u0022\u003E\n \u003Cbutton class=\u0022btn btn-default edp-cookies-accept\u0022 type=\u0022button\u0022\u003EAccept cookies for aggregated statistics\u003C\/button\u003E\n \u003Cbutton class=\u0022btn btn-default edp-cookies-refuse\u0022 type=\u0022button\u0022\u003ENo thanks, only necessary cookies\u003C\/button\u003E\n \u003C\/div\u003E\n\u003C\/div\u003E","siteID":"9b49968a-a84a-46f8-adc5-ba3b6a2c7502","piwikURL":"https:\/\/webanalytics.europa.eu\/","expires":"180"},"user":{"uid":0,"permissionsHash":"83c478be4087ec168d2bca3268d0d09db64e824ee149cd3cd9d0534501857b74"}}</script> <script src="/core/assets/vendor/jquery/jquery.min.js?v=3.7.1"></script> <script src="/core/misc/drupalSettingsLoader.js?v=10.3.10"></script> <script src="/core/misc/drupal.js?v=10.3.10"></script> <script src="/core/misc/drupal.init.js?v=10.3.10"></script> <script src="/core/assets/vendor/js-cookie/js.cookie.min.js?v=3.0.5"></script> <script src="/modules/custom/edps_cookies/js/cookies-popup.js?v=1.x"></script> <script src="/themes/custom/edpsweb_theme/build/js/edpsweb_theme.min.js?v=10.3.10"></script> <script src="https://webtools.europa.eu/load.js" defer></script> </body> </html>