CINXE.COM

Article 33. Notification of a personal data breach to the supervisory authority | GDPR made searchable by Algolia. Chapters, articles and recitals easily readable

<html lang="en"> <head> <title> Article 33. Notification of a personal data breach to the supervisory authority | GDPR made searchable by Algolia. Chapters, articles and recitals easily readable </title> <meta charset="utf-8" /> <meta name="google-site-verification" content="WhLt6CT_9M5ZmBN9aLyEQ6d0BWJvO8HDV5py9WFoMCc" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0" /> <link href="/static/img/favicon/favicon-64x64.32c6b9aff161.png" rel=icon sizes=64x64 type="image/png"> <link href="/static/img/favicon/favicon-48x48.d6a52ad61940.png" rel=icon sizes=48x48 type="image/png"> <link href="/static/img/favicon/favicon-32x32.275b262cc764.png" rel=icon sizes=32x32 type="image/png"> <link href="/static/img/favicon/favicon-16x16.a798eca57863.png" rel=icon sizes=16x16 type="image/png"> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.10/css/all.css" integrity="sha384-+d0P83n9kaQMCwj8F4RJB66tzIwOKmrdb46+porD/OvrJ+37WqIM7UoBtwHO6Nlg" crossOrigin="anonymous" /> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/instantsearch.css@7.0.0/themes/algolia-min.css" /> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/mark.js/8.11.1/jquery.mark.js"></script> <script src="/static/js/bootstrap.bundle.min.98d2c1da1c0a.js"></script> <link rel="stylesheet" href="/static/CACHE/css/dfbe1cbc128e.css" type="text/css" /> <link rel="canonical" href="https://gdpr.algolia.com/gdpr-article-33" /> <meta name="theme-color" content="#2050e0"> <meta property="og:locale" content="en" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Article 33 | GDPR made searchable by Algolia. Chapters, articles and recitals easily readable"/> <meta property="og:description" content="Official text of GDPR–General Data Protection Regulation–made searchable by Algolia. Search Easily in chapters, articles and recitals to read faster and become GDPR compliant."/> <meta property='og:image' content='https://gdpr.algolia.com/static/img/GDPR-social-network-preview.jpg'> <meta property="og:url" content="https://gdpr.algolia.com/gdpr-article-33" /> <meta property="og:site_name" content="General Data Protection Regulation (GDPR)" /> <meta name="twitter:card" content="summary" /> <meta name='twitter:image:src' content='https://gdpr.algolia.com/static/img/GDPR-social-network-preview.jpg'> <meta name="twitter:description" content="Official text of GDPR–General Data Protection Regulation–made searchable by Algolia. Search Easily in chapters, articles and recitals to read faster and become GDPR compliant."/> <meta name="twitter:title" content="Article 33 | GDPR made searchable by Algolia. Chapters, articles and recitals easily readable" /> <link rel="alternate" hreflang="en" href="https://gdpr.algolia.com/gdpr-article-33"> <link rel="alternate" hreflang="mt" href="https://gdpr.algolia.com/mt/gdpr-article-33"> <link rel="alternate" hreflang="fr" href="https://gdpr.algolia.com/fr/gdpr-article-33"> <link rel="alternate" hreflang="hr" href="https://gdpr.algolia.com/hr/gdpr-article-33"> <link rel="alternate" hreflang="ro" href="https://gdpr.algolia.com/ro/gdpr-article-33"> <link rel="alternate" hreflang="sv" href="https://gdpr.algolia.com/sv/gdpr-article-33"> <link rel="alternate" hreflang="el" href="https://gdpr.algolia.com/el/gdpr-article-33"> <link rel="alternate" hreflang="cs" href="https://gdpr.algolia.com/cs/gdpr-article-33"> <link rel="alternate" hreflang="pl" href="https://gdpr.algolia.com/pl/gdpr-article-33"> <link rel="alternate" hreflang="it" href="https://gdpr.algolia.com/it/gdpr-article-33"> <link rel="alternate" hreflang="sk" href="https://gdpr.algolia.com/sk/gdpr-article-33"> <link rel="alternate" hreflang="de" href="https://gdpr.algolia.com/de/gdpr-article-33"> <link rel="alternate" hreflang="et" href="https://gdpr.algolia.com/et/gdpr-article-33"> <link rel="alternate" hreflang="da" href="https://gdpr.algolia.com/da/gdpr-article-33"> <link rel="alternate" hreflang="lt" href="https://gdpr.algolia.com/lt/gdpr-article-33"> <link rel="alternate" hreflang="bg" href="https://gdpr.algolia.com/bg/gdpr-article-33"> <link rel="alternate" hreflang="nl" href="https://gdpr.algolia.com/nl/gdpr-article-33"> <link rel="alternate" hreflang="es" href="https://gdpr.algolia.com/es/gdpr-article-33"> <link rel="alternate" hreflang="hu" href="https://gdpr.algolia.com/hu/gdpr-article-33"> <link rel="alternate" hreflang="lv" href="https://gdpr.algolia.com/lv/gdpr-article-33"> <link rel="alternate" hreflang="pt" href="https://gdpr.algolia.com/pt/gdpr-article-33"> <link rel="alternate" hreflang="ga" href="https://gdpr.algolia.com/ga/gdpr-article-33"> <link rel="alternate" hreflang="sl" href="https://gdpr.algolia.com/sl/gdpr-article-33"> <link rel="alternate" hreflang="fi" href="https://gdpr.algolia.com/fi/gdpr-article-33"> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-MN3XDGF');</script> <!-- End Google Tag Manager --> </head> <body> <form action="/i18n/setlang/" method="post" style="display:none;" id="language-form"><input type='hidden' name='csrfmiddlewaretoken' value='c10TIlorEJwXNJnGC01ORuYz1VPm3eCJ2pCNiDVRae0ewBpL0TI5KGMs3H92pYbE' /> <input name="next" type="hidden" value="" id="next-input"/> <input type="text" name="language" id="language-input"/> </form> <script type="text/javascript"> $(document).ready(function(){ var $languageForm = $('#language-form'); var $languageInput = $('#language-input'); var $nextInput = $('#next-input'); $('.dropdown-language .dropdown-item').click(function(){ $languageInput.val($(this).data('value')); $nextInput.val('/'); $languageForm.submit(); }); }); </script> <div class="row no-gutters"> <div class="menu-container d-lg-none d-xs-block"> <div class="d-block d-lg-none d-xs-block d-lg-none" id="mobile-menu"> <div class="dropdown dropdown-language dropup"> <button class="btn btn-secondary dropdown-toggle" type="button" id="dropdownMenuButton_mobile" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <img src="/static/img/en.png" srcset="/static/img/en@2x.png 2x, /static/img/en@3x.png 3x" alt="" /> </button> <div class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenuButton_mobile"> <a class="dropdown-item active" data-value="en" href="#"> <img src="/static/img/en.png" srcset="/static/img/en@2x.png 2x, /static/img/en@3x.png 3x" alt="" /> English </a> <a class="dropdown-item" data-value="de" href="#"> <img src="/static/img/de.png" srcset="/static/img/de@2x.png 2x, /static/img/de@3x.png 3x" alt="" /> German </a> <a class="dropdown-item" data-value="fr" href="#"> <img src="/static/img/fr.png" srcset="/static/img/fr@2x.png 2x, /static/img/fr@3x.png 3x" alt="" /> French </a> <a class="dropdown-item" data-value="es" href="#"> <img src="/static/img/es.png" srcset="/static/img/es@2x.png 2x, /static/img/es@3x.png 3x" alt="" /> Spanish </a> <a class="dropdown-item" data-value="it" href="#"> <img src="/static/img/it.png" srcset="/static/img/it@2x.png 2x, /static/img/it@3x.png 3x" alt="" /> Italian </a> <a class="dropdown-item" data-value="pt" href="#"> <img src="/static/img/pt.png" srcset="/static/img/pt@2x.png 2x, /static/img/pt@3x.png 3x" alt="" /> Portuguese </a> <a class="dropdown-item" data-value="nl" href="#"> <img src="/static/img/nl.png" srcset="/static/img/nl@2x.png 2x, /static/img/nl@3x.png 3x" alt="" /> Dutch </a> <a class="dropdown-item" data-value="hr" href="#"> <img src="/static/img/hr.png" srcset="/static/img/hr@2x.png 2x, /static/img/hr@3x.png 3x" alt="" /> Croatian </a> <a class="dropdown-item" data-value="hu" href="#"> <img src="/static/img/hu.png" srcset="/static/img/hu@2x.png 2x, /static/img/hu@3x.png 3x" alt="" /> Hungarian </a> <a class="dropdown-item" data-value="ro" href="#"> <img src="/static/img/ro.png" srcset="/static/img/ro@2x.png 2x, /static/img/ro@3x.png 3x" alt="" /> Romanian </a> <a class="dropdown-item" data-value="et" href="#"> <img src="/static/img/et.png" srcset="/static/img/et@2x.png 2x, /static/img/et@3x.png 3x" alt="" /> Estonian </a> <a class="dropdown-item" data-value="cs" href="#"> <img src="/static/img/cs.png" srcset="/static/img/cs@2x.png 2x, /static/img/cs@3x.png 3x" alt="" /> Czech </a> <a class="dropdown-item" data-value="el" href="#"> <img src="/static/img/el.png" srcset="/static/img/el@2x.png 2x, /static/img/el@3x.png 3x" alt="" /> Greek </a> <a class="dropdown-item" data-value="pl" href="#"> <img src="/static/img/pl.png" srcset="/static/img/pl@2x.png 2x, /static/img/pl@3x.png 3x" alt="" /> Polish </a> <a class="dropdown-item" data-value="sk" href="#"> <img src="/static/img/sk.png" srcset="/static/img/sk@2x.png 2x, /static/img/sk@3x.png 3x" alt="" /> Slovak </a> <a class="dropdown-item" data-value="ga" href="#"> <img src="/static/img/ga.png" srcset="/static/img/ga@2x.png 2x, /static/img/ga@3x.png 3x" alt="" /> Irish </a> <a class="dropdown-item" data-value="fi" href="#"> <img src="/static/img/fi.png" srcset="/static/img/fi@2x.png 2x, /static/img/fi@3x.png 3x" alt="" /> Finnish </a> <a class="dropdown-item" data-value="sl" href="#"> <img src="/static/img/sl.png" srcset="/static/img/sl@2x.png 2x, /static/img/sl@3x.png 3x" alt="" /> Slovenian </a> <a class="dropdown-item" data-value="sv" href="#"> <img src="/static/img/sv.png" srcset="/static/img/sv@2x.png 2x, /static/img/sv@3x.png 3x" alt="" /> Swedish </a> <a class="dropdown-item" data-value="mt" href="#"> <img src="/static/img/mt.png" srcset="/static/img/mt@2x.png 2x, /static/img/mt@3x.png 3x" alt="" /> Maltese </a> <a class="dropdown-item" data-value="da" href="#"> <img src="/static/img/da.png" srcset="/static/img/da@2x.png 2x, /static/img/da@3x.png 3x" alt="" /> Danish </a> <a class="dropdown-item" data-value="bg" href="#"> <img src="/static/img/bg.png" srcset="/static/img/bg@2x.png 2x, /static/img/bg@3x.png 3x" alt="" /> Bulgarian </a> <a class="dropdown-item" data-value="lv" href="#"> <img src="/static/img/lv.png" srcset="/static/img/lv@2x.png 2x, /static/img/lv@3x.png 3x" alt="" /> Latvian </a> <a class="dropdown-item" data-value="lt" href="#"> <img src="/static/img/lt.png" srcset="/static/img/lt@2x.png 2x, /static/img/lt@3x.png 3x" alt="" /> Lithuanian </a> </div> </div> </div> </div> <div class="col-sm-12 col-lg-4 col-xl-3 d-none d-lg-block"> <div class="left-container"> <div class="logo__container"> <a href="/"> <img src="/static/img/logo.ab423c61241b.svg" class="logo" /> </a> <h1 class="title__container"> <a href="/"> <span class="title">GDPR</span> </a> <span class="subtitle">Made searchable by <a href="https://www.algolia.com/?utm_medium=social-owned&utm_source=gdpr_search&utm_campaign=gdpr_search" target="_blank"> <img src="/static/img/algolia_logo.23c0fd3413de.svg" alt="Algolia logo"> </a> </span> </h1> </div> <div class="mainMenu"> <p class="mainMenu__title">Table of content</p> <ul> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER I</span> <span class="mainMenu__chapter__title"> General provisions&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 1 - 4 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-1"> Article 1. Subject-matter and objectives </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-2"> Article 2. Material scope </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-3"> Article 3. Territorial scope </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-4"> Article 4. Definitions </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER II</span> <span class="mainMenu__chapter__title"> Principles&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 5 - 11 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-5"> Article 5. Principles relating to processing of personal data </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-6"> Article 6. Lawfulness of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-7"> Article 7. Conditions for consent </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-8"> Article 8. Conditions applicable to child&#39;s consent in relation to information society services </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-9"> Article 9. Processing of special categories of personal data </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-10"> Article 10. Processing of personal data relating to criminal convictions and offences </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-11"> Article 11. Processing which does not require identification </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER III</span> <span class="mainMenu__chapter__title"> Rights of the data subject&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 12 - 23 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-12"> Article 12. Transparent information, communication and modalities for the exercise of the rights of the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-13"> Article 13. Information to be provided where personal data are collected from the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-14"> Article 14. Information to be provided where personal data have not been obtained from the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-15"> Article 15. Right of access by the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-16"> Article 16. Right to rectification </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-17"> Article 17. Right to erasure (‘right to be forgotten’) </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-18"> Article 18. Right to restriction of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-19"> Article 19. Notification obligation regarding rectification or erasure of personal data or restriction of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-20"> Article 20. Right to data portability </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-21"> Article 21. Right to object </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-22"> Article 22. Automated individual decision-making, including profiling </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-23"> Article 23. Restrictions </a> </li> </ul> </li> <li class="mainMenu__chapter open"> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER IV</span> <span class="mainMenu__chapter__title"> Controller and processor&nbsp;&nbsp;<i class="fa fa-chevron-down"></i> </span> <span class="mainMenu__chapter__articles"> Art 24 - 43 </span> </a> <ul style=""> <li class="mainMenu__article"> <a href="/gdpr-article-24"> Article 24. Responsibility of the controller </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-25"> Article 25. Data protection by design and by default </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-26"> Article 26. Joint controllers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-27"> Article 27. Representatives of controllers or processors not established in the Union </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-28"> Article 28. Processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-29"> Article 29. Processing under the authority of the controller or processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-30"> Article 30. Records of processing activities </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-31"> Article 31. Cooperation with the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-32"> Article 32. Security of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-33"> Article 33. Notification of a personal data breach to the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-34"> Article 34. Communication of a personal data breach to the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-35"> Article 35. Data protection impact assessment </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-36"> Article 36. Prior consultation </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-37"> Article 37. Designation of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-38"> Article 38. Position of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-39"> Article 39. Tasks of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-40"> Article 40. Codes of conduct </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-41"> Article 41. Monitoring of approved codes of conduct </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-42"> Article 42. Certification </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-43"> Article 43. Certification bodies </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER V</span> <span class="mainMenu__chapter__title"> Transfers of personal data to third countries or international organisations&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 44 - 50 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-44"> Article 44. General principle for transfers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-45"> Article 45. Transfers on the basis of an adequacy decision </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-46"> Article 46. Transfers subject to appropriate safeguards </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-47"> Article 47. Binding corporate rules </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-48"> Article 48. Transfers or disclosures not authorised by Union law </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-49"> Article 49. Derogations for specific situations </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-50"> Article 50. International cooperation for the protection of personal data </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VI</span> <span class="mainMenu__chapter__title"> Independent supervisory authorities&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 51 - 59 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-51"> Article 51. Supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-52"> Article 52. Independence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-53"> Article 53. General conditions for the members of the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-54"> Article 54. Rules on the establishment of the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-55"> Article 55. Competence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-56"> Article 56. Competence of the lead supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-57"> Article 57. Tasks </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-58"> Article 58. Powers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-59"> Article 59. Activity reports </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VII</span> <span class="mainMenu__chapter__title"> Cooperation and consistency&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 60 - 76 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-60"> Article 60. Cooperation between the lead supervisory authority and the other supervisory authorities concerned </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-61"> Article 61. Mutual assistance </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-62"> Article 62. Joint operations of supervisory authorities </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-63"> Article 63. Consistency mechanism </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-64"> Article 64. Opinion of the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-65"> Article 65. Dispute resolution by the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-66"> Article 66. Urgency procedure </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-67"> Article 67. Exchange of information </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-68"> Article 68. European Data Protection Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-69"> Article 69. Independence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-70"> Article 70. Tasks of the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-71"> Article 71. Reports </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-72"> Article 72. Procedure </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-73"> Article 73. Chair </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-74"> Article 74. Tasks of the Chair </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-75"> Article 75. Secretariat </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-76"> Article 76. Confidentiality </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VIII</span> <span class="mainMenu__chapter__title"> Remedies, liability and penalties&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 77 - 84 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-77"> Article 77. Right to lodge a complaint with a supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-78"> Article 78. Right to an effective judicial remedy against a supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-79"> Article 79. Right to an effective judicial remedy against a controller or processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-80"> Article 80. Representation of data subjects </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-81"> Article 81. Suspension of proceedings </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-82"> Article 82. Right to compensation and liability </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-83"> Article 83. General conditions for imposing administrative fines </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-84"> Article 84. Penalties </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER IX</span> <span class="mainMenu__chapter__title"> Provisions relating to specific processing situations&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 85 - 91 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-85"> Article 85. Processing and freedom of expression and information </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-86"> Article 86. Processing and public access to official documents </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-87"> Article 87. Processing of the national identification number </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-88"> Article 88. Processing in the context of employment </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-89"> Article 89. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-90"> Article 90. Obligations of secrecy </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-91"> Article 91. Existing data protection rules of churches and religious associations </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER X</span> <span class="mainMenu__chapter__title"> Delegated acts and implementing acts&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 92 - 93 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-92"> Article 92. Exercise of the delegation </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-93"> Article 93. Committee procedure </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER XI</span> <span class="mainMenu__chapter__title"> Final provisions&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 94 - 99 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-94"> Article 94. Repeal of Directive 95/46/EC </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-95"> Article 95. Relationship with Directive 2002/58/EC </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-96"> Article 96. Relationship with previously concluded Agreements </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-97"> Article 97. Commission reports </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-98"> Article 98. Review of other Union legal acts on data protection </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-99"> Article 99. Entry into force and application </a> </li> </ul> </li> </ul> </div> </div> </div> <div class="col-sm-12 col-lg-8 col-xl-6 main-column-content"> <div class="row header no-gutters"> <div class="mobile__container"> <div class="logo__container"> <a href="/"> <img src="/static/img/logo.ab423c61241b.svg" class="logo" /> </a> <h1 class="title__container"> <a href="/"> <span class="title">GDPR</span> </a> <span class="subtitle">Made searchable by <a href="https://www.algolia.com/?utm_medium=social-owned&utm_source=gdpr_search&utm_campaign=gdpr_search" target="_blank"> <img src="/static/img/algolia_logo.23c0fd3413de.svg" alt="Algolia logo"> </a> </span> </h1> </div> </div> <div class="col-12 search__container"> <a class="menu__btn d-lg-none"> <img src="/static/img/ic-menu.acccaf1de6b5.svg" class="ic-menu"> </a> <div class="algolia-logo-search"> <a href="https://www.algolia.com/?utm_medium=social-owned&utm_source=gdpr_search&utm_campaign=gdpr_search" target="_blank"> <svg xmlns="http://www.w3.org/2000/svg" width="62" height="31" viewBox="0 0 62 31"> <g fill="#81899C" fill-rule="evenodd"> <path fill-rule="nonzero" d="M10.202 7.434c-.497.378-1.18.564-2.057.564-.873 0-1.588-.13-2.145-.39V6.46c.352.159.728.283 1.122.375.398.092.768.137 1.109.137.5 0 .869-.09 1.107-.274a.883.883 0 0 0 .356-.735.901.901 0 0 0-.328-.706c-.219-.193-.67-.421-1.353-.685-.705-.274-1.201-.586-1.49-.94-.29-.35-.435-.774-.435-1.267 0-.62.229-1.106.688-1.462C7.233.547 7.85.37 8.62.37c.74 0 1.476.155 2.21.467l-.401.988c-.687-.276-1.3-.415-1.84-.415-.408 0-.72.085-.93.255a.83.83 0 0 0-.318.678c0 .193.044.36.128.495.085.137.225.267.419.388.193.123.54.283 1.046.482.568.226.984.439 1.248.635.263.196.457.417.58.665.124.245.185.538.185.873 0 .661-.248 1.179-.745 1.554zm2.53-.201c-.512-.509-.768-1.21-.768-2.102 0-.917.236-1.638.712-2.162.477-.525 1.13-.787 1.962-.787.772 0 1.382.225 1.83.675.447.45.67 1.068.67 1.857v.644h-3.895c.017.545.17.964.46 1.257.288.293.696.438 1.22.438.345 0 .667-.03.965-.094.298-.062.618-.166.96-.312v.97c-.305.138-.61.237-.921.293a5.77 5.77 0 0 1-1.063.087c-.908.001-1.62-.254-2.132-.764zm.956-3.787c-.238.24-.38.59-.426 1.049h2.653c-.007-.463-.123-.813-.348-1.052-.227-.239-.537-.359-.932-.359-.393 0-.709.12-.947.362zm8.269 3.669h-.043c-.282.342-.565.574-.85.697-.286.125-.653.186-1.1.186-.575 0-1.024-.148-1.345-.446-.322-.297-.483-.718-.483-1.264 0-.578.224-1.015.67-1.309.448-.294 1.131-.455 2.047-.482l1.01-.03v-.301c0-.36-.09-.627-.262-.803-.175-.18-.445-.268-.812-.268-.3 0-.587.042-.861.126-.276.085-.54.184-.794.3l-.401-.853c.317-.16.664-.28 1.041-.363a4.968 4.968 0 0 1 1.068-.124c.743 0 1.304.156 1.683.466.379.312.568.8.568 1.468v3.78h-.888l-.248-.78zm-.515-.393c.272-.242.409-.581.409-1.018v-.488l-.751.03c-.585.022-1.01.114-1.277.282-.266.168-.398.425-.398.77 0 .25.076.443.232.58.155.137.388.206.699.206.451 0 .813-.12 1.086-.362zm6.97-4.49l-.122 1.112c-.177-.04-.36-.06-.551-.06-.495 0-.899.154-1.207.466-.307.312-.462.715-.462 1.213v2.933h-1.24V2.284h.97l.165.989h.063c.194-.335.447-.601.758-.797.313-.196.65-.294 1.008-.294.249 0 .455.017.619.05zm1.423 5.023c-.459-.496-.69-1.207-.69-2.134 0-.945.242-1.67.722-2.177.483-.507 1.176-.761 2.087-.761.616 0 1.17.11 1.663.33l-.374.958c-.526-.195-.959-.293-1.301-.293-1.01 0-1.516.643-1.516 1.933 0 .63.125 1.103.377 1.419.253.316.622.475 1.108.475.553 0 1.077-.132 1.57-.397V7.65c-.22.125-.458.215-.709.269a4.28 4.28 0 0 1-.918.082c-.887-.003-1.559-.25-2.02-.745zm8.916.641v-3.45c0-.435-.09-.756-.271-.97-.183-.213-.47-.321-.865-.321-.521 0-.905.151-1.151.45-.243.3-.366.8-.366 1.503v2.788h-1.242V0h1.242v2.003c0 .321-.02.666-.063 1.03h.079c.169-.27.403-.48.705-.628a2.362 2.362 0 0 1 1.055-.223c1.417 0 2.126.685 2.126 2.055v3.66h-1.249z"/> <path d="M48.828 3.115c.418.537.628 1.29.628 2.26 0 .974-.213 1.732-.637 2.275-.425.542-1.012.813-1.768.813-.76 0-1.352-.27-1.773-.81h-.087l-.233.703H44V0h1.278v1.987c0 .147-.007.365-.022.655-.014.29-.025.475-.032.553h.054c.405-.59 1.005-.886 1.795-.886.75 0 1.336.27 1.755.806zm-3.201.674c-.225.3-.343.8-.35 1.5v.087c0 .721.117 1.245.349 1.57.233.323.61.485 1.136.485.454 0 .797-.177 1.031-.532.233-.354.352-.866.352-1.535 0-1.35-.466-2.025-1.403-2.025-.518 0-.887.15-1.115.45zm5.792-1.372l1.223 3.366c.186.48.31.93.37 1.354h.044c.034-.196.094-.435.18-.716.088-.28.548-1.615 1.382-4.003H56l-2.573 6.73C52.96 10.381 52.18 11 51.087 11a3.66 3.66 0 0 1-.826-.092V9.91c.192.043.411.065.658.065.618 0 1.05-.353 1.3-1.058l.223-.56-2.415-5.94h1.392z"/> <g fill-rule="nonzero"> <path d="M12.306 15a1.87 1.87 0 0 1 1.865 1.872V27.35a1.87 1.87 0 0 1-1.865 1.872H1.866A1.87 1.87 0 0 1 0 27.35V16.867C0 15.837.834 15 1.866 15h10.44zM7.25 18.593a4.012 4.012 0 0 0-4.003 4.02 4.008 4.008 0 0 0 4.003 4.017 4.012 4.012 0 0 0 4.003-4.02 4.006 4.006 0 0 0-4.003-4.017zm0 6.85a2.827 2.827 0 0 1-2.82-2.83 2.827 2.827 0 0 1 2.82-2.829 2.827 2.827 0 0 1 2.82 2.83c0 1.561-1.26 2.83-2.82 2.83zm0-2.972c0 .06.064.103.12.074l1.867-.97c.042-.021.055-.074.033-.116a2.32 2.32 0 0 0-1.933-1.179c-.043 0-.086.035-.086.083l-.001 2.108zm-2.614-3.658l-.246-.245a.61.61 0 0 0-.868 0l-.292.293a.615.615 0 0 0 0 .87l.24.243c.04.04.095.03.13-.008a4.484 4.484 0 0 1 1.023-1.028c.043-.026.047-.087.013-.125zm3.925-1.126a.616.616 0 0 0-.615-.617H6.513a.617.617 0 0 0-.614.617v.5c0 .056.052.096.107.082a4.5 4.5 0 0 1 2.451-.012.084.084 0 0 0 .104-.081l-.001-.489zM37.018 26.71c0 1.294-.33 2.238-.995 2.838-.664.6-1.68.9-3.047.9-.5 0-1.538-.097-2.368-.28l.305-1.502c.695.146 1.612.185 2.092.185.762 0 1.306-.155 1.63-.465.326-.311.485-.77.485-1.38v-.31a5.712 5.712 0 0 1-.742.28c-.305.092-.66.141-1.057.141-.523 0-1-.082-1.432-.247a2.99 2.99 0 0 1-1.11-.726 3.3 3.3 0 0 1-.718-1.202c-.17-.48-.257-1.336-.257-1.966 0-.59.092-1.33.271-1.824.185-.494.447-.92.801-1.274a3.67 3.67 0 0 1 1.275-.824 4.688 4.688 0 0 1 1.723-.324c.616 0 1.183.078 1.736.169.554.093 1.024.19 1.408.296v7.516zm-5.274-3.738c0 .794.174 1.675.524 2.044.35.367.8.551 1.354.551.3 0 .587-.044.854-.124.265-.084.48-.18.65-.297v-4.702a7.53 7.53 0 0 0-1.252-.16c-.689-.018-1.213.262-1.582.71-.363.452-.549 1.242-.549 1.978h.001zm14.278 0c0 .64-.092 1.123-.281 1.651a3.897 3.897 0 0 1-.8 1.351 3.534 3.534 0 0 1-1.242.867c-.485.203-1.233.32-1.605.32-.374-.006-1.116-.113-1.596-.32a3.626 3.626 0 0 1-1.238-.868 3.993 3.993 0 0 1-.806-1.35 4.477 4.477 0 0 1-.29-1.652c0-.64.086-1.254.281-1.778.195-.523.465-.969.815-1.342a3.646 3.646 0 0 1 1.242-.86c.48-.205 1.01-.301 1.582-.301.573 0 1.102.101 1.587.3.485.203.903.49 1.242.862.345.374.61.818.806 1.343.204.521.304 1.137.304 1.776h-.001zm-1.94.004c0-.818-.18-1.5-.53-1.973-.349-.48-.838-.719-1.465-.719-.625 0-1.116.238-1.465.718-.349.478-.519 1.155-.519 1.973 0 .83.175 1.387.523 1.867.35.483.841.72 1.467.72.625 0 1.116-.242 1.465-.72.349-.486.522-1.038.522-1.867l.002.001zm6.165 4.187c-3.11.013-3.11-2.51-3.11-2.912l-.004-8.95L49.03 15v8.89c0 .23 0 1.672 1.218 1.677v1.596zm3.343 0h-1.906v-8.179l1.907-.3v8.479zm-.956-9.372c.637 0 1.155-.514 1.155-1.148 0-.634-.513-1.147-1.155-1.147-.64 0-1.154.513-1.154 1.147s.52 1.148 1.155 1.148h-.001zm5.696.9c.626 0 1.155.078 1.582.232.428.156.77.373 1.024.649.253.277.432.655.539 1.052.111.396.165.833.165 1.312v4.871c-.29.064-.732.137-1.324.224-.591.087-1.256.13-1.993.13-.49 0-.942-.049-1.344-.141a2.833 2.833 0 0 1-1.043-.45 2.174 2.174 0 0 1-.675-.804c-.16-.329-.243-.794-.243-1.28 0-.464.092-.759.27-1.079.187-.32.433-.58.745-.784a3.163 3.163 0 0 1 1.085-.435 6.131 6.131 0 0 1 2.688.038v-.311c0-.217-.024-.425-.078-.619a1.335 1.335 0 0 0-.27-.517 1.263 1.263 0 0 0-.515-.349 2.25 2.25 0 0 0-.81-.146c-.438 0-.835.054-1.2.116a5.662 5.662 0 0 0-.892.219l-.229-1.556a7.85 7.85 0 0 1 1.048-.245 8.239 8.239 0 0 1 1.47-.126zm.16 6.872c.583 0 1.014-.033 1.315-.092v-1.927a3.627 3.627 0 0 0-.456-.093 4.605 4.605 0 0 0-.66-.048 4.07 4.07 0 0 0-.635.049c-.212.029-.407.087-.577.168-.169.084-.31.2-.412.35-.106.15-.155.237-.155.465 0 .447.155.702.436.873.287.174.665.257 1.146.257l-.002-.002zM21.029 18.74c.626 0 1.155.078 1.582.232.426.155.77.374 1.023.65.257.28.432.653.539 1.05.112.397.165.833.165 1.313v4.871c-.293.062-.733.136-1.324.222-.594.09-1.258.132-1.996.132-.49 0-.94-.048-1.344-.14a2.833 2.833 0 0 1-1.043-.45 2.183 2.183 0 0 1-.673-.806c-.161-.329-.244-.794-.244-1.278 0-.465.092-.76.272-1.08.184-.32.432-.58.742-.784a3.165 3.165 0 0 1 1.087-.436 6.222 6.222 0 0 1 1.95-.091c.228.025.476.068.737.131v-.31c0-.218-.023-.427-.077-.62a1.324 1.324 0 0 0-.272-.518 1.28 1.28 0 0 0-.515-.349 2.25 2.25 0 0 0-.81-.145c-.436 0-.834.054-1.198.116a5.345 5.345 0 0 0-.892.218l-.228-1.555c.239-.082.593-.164 1.048-.246a7.821 7.821 0 0 1 1.469-.127h.002zm.164 6.877c.583 0 1.015-.033 1.316-.092v-1.928a3.683 3.683 0 0 0-.457-.093 4.615 4.615 0 0 0-.66-.048c-.21 0-.423.015-.638.049a1.92 1.92 0 0 0-.576.169c-.17.083-.31.199-.412.35-.107.15-.155.236-.155.464 0 .447.154.702.435.873.281.169.665.258 1.145.258l.002-.002zm7.69 1.547c-3.109.013-3.109-2.51-3.109-2.912l-.007-8.952 1.896-.3v8.89c0 .23 0 1.672 1.218 1.677v1.594l.002.003z"/> </g> </g> </svg> </a> </div> <div id="search"></div> <script type="text/javascript"> window.language_code = "en"; window.react_mount = document.getElementById('search'); </script> <script type="text/javascript" src="/static/bundles/search-32e70e71dfb5db6f91df.c8b207e84e0f.js" ></script> <div class="d-none d-lg-block"> <div class="dropdown dropdown-language "> <button class="btn btn-secondary dropdown-toggle" type="button" id="dropdownMenuButton_desktop" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <img src="/static/img/en.png" srcset="/static/img/en@2x.png 2x, /static/img/en@3x.png 3x" alt="" /> </button> <div class="dropdown-menu dropdown-menu-right" aria-labelledby="dropdownMenuButton_desktop"> <a class="dropdown-item active" data-value="en" href="#"> <img src="/static/img/en.png" srcset="/static/img/en@2x.png 2x, /static/img/en@3x.png 3x" alt="" /> English </a> <a class="dropdown-item" data-value="de" href="#"> <img src="/static/img/de.png" srcset="/static/img/de@2x.png 2x, /static/img/de@3x.png 3x" alt="" /> German </a> <a class="dropdown-item" data-value="fr" href="#"> <img src="/static/img/fr.png" srcset="/static/img/fr@2x.png 2x, /static/img/fr@3x.png 3x" alt="" /> French </a> <a class="dropdown-item" data-value="es" href="#"> <img src="/static/img/es.png" srcset="/static/img/es@2x.png 2x, /static/img/es@3x.png 3x" alt="" /> Spanish </a> <a class="dropdown-item" data-value="it" href="#"> <img src="/static/img/it.png" srcset="/static/img/it@2x.png 2x, /static/img/it@3x.png 3x" alt="" /> Italian </a> <a class="dropdown-item" data-value="pt" href="#"> <img src="/static/img/pt.png" srcset="/static/img/pt@2x.png 2x, /static/img/pt@3x.png 3x" alt="" /> Portuguese </a> <a class="dropdown-item" data-value="nl" href="#"> <img src="/static/img/nl.png" srcset="/static/img/nl@2x.png 2x, /static/img/nl@3x.png 3x" alt="" /> Dutch </a> <a class="dropdown-item" data-value="hr" href="#"> <img src="/static/img/hr.png" srcset="/static/img/hr@2x.png 2x, /static/img/hr@3x.png 3x" alt="" /> Croatian </a> <a class="dropdown-item" data-value="hu" href="#"> <img src="/static/img/hu.png" srcset="/static/img/hu@2x.png 2x, /static/img/hu@3x.png 3x" alt="" /> Hungarian </a> <a class="dropdown-item" data-value="ro" href="#"> <img src="/static/img/ro.png" srcset="/static/img/ro@2x.png 2x, /static/img/ro@3x.png 3x" alt="" /> Romanian </a> <a class="dropdown-item" data-value="et" href="#"> <img src="/static/img/et.png" srcset="/static/img/et@2x.png 2x, /static/img/et@3x.png 3x" alt="" /> Estonian </a> <a class="dropdown-item" data-value="cs" href="#"> <img src="/static/img/cs.png" srcset="/static/img/cs@2x.png 2x, /static/img/cs@3x.png 3x" alt="" /> Czech </a> <a class="dropdown-item" data-value="el" href="#"> <img src="/static/img/el.png" srcset="/static/img/el@2x.png 2x, /static/img/el@3x.png 3x" alt="" /> Greek </a> <a class="dropdown-item" data-value="pl" href="#"> <img src="/static/img/pl.png" srcset="/static/img/pl@2x.png 2x, /static/img/pl@3x.png 3x" alt="" /> Polish </a> <a class="dropdown-item" data-value="sk" href="#"> <img src="/static/img/sk.png" srcset="/static/img/sk@2x.png 2x, /static/img/sk@3x.png 3x" alt="" /> Slovak </a> <a class="dropdown-item" data-value="ga" href="#"> <img src="/static/img/ga.png" srcset="/static/img/ga@2x.png 2x, /static/img/ga@3x.png 3x" alt="" /> Irish </a> <a class="dropdown-item" data-value="fi" href="#"> <img src="/static/img/fi.png" srcset="/static/img/fi@2x.png 2x, /static/img/fi@3x.png 3x" alt="" /> Finnish </a> <a class="dropdown-item" data-value="sl" href="#"> <img src="/static/img/sl.png" srcset="/static/img/sl@2x.png 2x, /static/img/sl@3x.png 3x" alt="" /> Slovenian </a> <a class="dropdown-item" data-value="sv" href="#"> <img src="/static/img/sv.png" srcset="/static/img/sv@2x.png 2x, /static/img/sv@3x.png 3x" alt="" /> Swedish </a> <a class="dropdown-item" data-value="mt" href="#"> <img src="/static/img/mt.png" srcset="/static/img/mt@2x.png 2x, /static/img/mt@3x.png 3x" alt="" /> Maltese </a> <a class="dropdown-item" data-value="da" href="#"> <img src="/static/img/da.png" srcset="/static/img/da@2x.png 2x, /static/img/da@3x.png 3x" alt="" /> Danish </a> <a class="dropdown-item" data-value="bg" href="#"> <img src="/static/img/bg.png" srcset="/static/img/bg@2x.png 2x, /static/img/bg@3x.png 3x" alt="" /> Bulgarian </a> <a class="dropdown-item" data-value="lv" href="#"> <img src="/static/img/lv.png" srcset="/static/img/lv@2x.png 2x, /static/img/lv@3x.png 3x" alt="" /> Latvian </a> <a class="dropdown-item" data-value="lt" href="#"> <img src="/static/img/lt.png" srcset="/static/img/lt@2x.png 2x, /static/img/lt@3x.png 3x" alt="" /> Lithuanian </a> </div> </div> </div> </div> <div class="d-lg-none spacer"></div> <div class="content__container main"> <div class="mainMenu"> <p class="mainMenu__title">Table of content</p> <ul> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER I</span> <span class="mainMenu__chapter__title"> General provisions&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 1 - 4 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-1"> Article 1. Subject-matter and objectives </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-2"> Article 2. Material scope </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-3"> Article 3. Territorial scope </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-4"> Article 4. Definitions </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER II</span> <span class="mainMenu__chapter__title"> Principles&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 5 - 11 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-5"> Article 5. Principles relating to processing of personal data </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-6"> Article 6. Lawfulness of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-7"> Article 7. Conditions for consent </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-8"> Article 8. Conditions applicable to child&#39;s consent in relation to information society services </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-9"> Article 9. Processing of special categories of personal data </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-10"> Article 10. Processing of personal data relating to criminal convictions and offences </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-11"> Article 11. Processing which does not require identification </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER III</span> <span class="mainMenu__chapter__title"> Rights of the data subject&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 12 - 23 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-12"> Article 12. Transparent information, communication and modalities for the exercise of the rights of the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-13"> Article 13. Information to be provided where personal data are collected from the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-14"> Article 14. Information to be provided where personal data have not been obtained from the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-15"> Article 15. Right of access by the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-16"> Article 16. Right to rectification </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-17"> Article 17. Right to erasure (‘right to be forgotten’) </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-18"> Article 18. Right to restriction of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-19"> Article 19. Notification obligation regarding rectification or erasure of personal data or restriction of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-20"> Article 20. Right to data portability </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-21"> Article 21. Right to object </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-22"> Article 22. Automated individual decision-making, including profiling </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-23"> Article 23. Restrictions </a> </li> </ul> </li> <li class="mainMenu__chapter open"> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER IV</span> <span class="mainMenu__chapter__title"> Controller and processor&nbsp;&nbsp;<i class="fa fa-chevron-down"></i> </span> <span class="mainMenu__chapter__articles"> Art 24 - 43 </span> </a> <ul style=""> <li class="mainMenu__article"> <a href="/gdpr-article-24"> Article 24. Responsibility of the controller </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-25"> Article 25. Data protection by design and by default </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-26"> Article 26. Joint controllers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-27"> Article 27. Representatives of controllers or processors not established in the Union </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-28"> Article 28. Processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-29"> Article 29. Processing under the authority of the controller or processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-30"> Article 30. Records of processing activities </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-31"> Article 31. Cooperation with the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-32"> Article 32. Security of processing </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-33"> Article 33. Notification of a personal data breach to the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-34"> Article 34. Communication of a personal data breach to the data subject </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-35"> Article 35. Data protection impact assessment </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-36"> Article 36. Prior consultation </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-37"> Article 37. Designation of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-38"> Article 38. Position of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-39"> Article 39. Tasks of the data protection officer </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-40"> Article 40. Codes of conduct </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-41"> Article 41. Monitoring of approved codes of conduct </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-42"> Article 42. Certification </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-43"> Article 43. Certification bodies </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER V</span> <span class="mainMenu__chapter__title"> Transfers of personal data to third countries or international organisations&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 44 - 50 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-44"> Article 44. General principle for transfers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-45"> Article 45. Transfers on the basis of an adequacy decision </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-46"> Article 46. Transfers subject to appropriate safeguards </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-47"> Article 47. Binding corporate rules </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-48"> Article 48. Transfers or disclosures not authorised by Union law </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-49"> Article 49. Derogations for specific situations </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-50"> Article 50. International cooperation for the protection of personal data </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VI</span> <span class="mainMenu__chapter__title"> Independent supervisory authorities&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 51 - 59 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-51"> Article 51. Supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-52"> Article 52. Independence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-53"> Article 53. General conditions for the members of the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-54"> Article 54. Rules on the establishment of the supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-55"> Article 55. Competence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-56"> Article 56. Competence of the lead supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-57"> Article 57. Tasks </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-58"> Article 58. Powers </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-59"> Article 59. Activity reports </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VII</span> <span class="mainMenu__chapter__title"> Cooperation and consistency&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 60 - 76 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-60"> Article 60. Cooperation between the lead supervisory authority and the other supervisory authorities concerned </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-61"> Article 61. Mutual assistance </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-62"> Article 62. Joint operations of supervisory authorities </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-63"> Article 63. Consistency mechanism </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-64"> Article 64. Opinion of the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-65"> Article 65. Dispute resolution by the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-66"> Article 66. Urgency procedure </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-67"> Article 67. Exchange of information </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-68"> Article 68. European Data Protection Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-69"> Article 69. Independence </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-70"> Article 70. Tasks of the Board </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-71"> Article 71. Reports </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-72"> Article 72. Procedure </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-73"> Article 73. Chair </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-74"> Article 74. Tasks of the Chair </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-75"> Article 75. Secretariat </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-76"> Article 76. Confidentiality </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER VIII</span> <span class="mainMenu__chapter__title"> Remedies, liability and penalties&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 77 - 84 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-77"> Article 77. Right to lodge a complaint with a supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-78"> Article 78. Right to an effective judicial remedy against a supervisory authority </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-79"> Article 79. Right to an effective judicial remedy against a controller or processor </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-80"> Article 80. Representation of data subjects </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-81"> Article 81. Suspension of proceedings </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-82"> Article 82. Right to compensation and liability </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-83"> Article 83. General conditions for imposing administrative fines </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-84"> Article 84. Penalties </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER IX</span> <span class="mainMenu__chapter__title"> Provisions relating to specific processing situations&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 85 - 91 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-85"> Article 85. Processing and freedom of expression and information </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-86"> Article 86. Processing and public access to official documents </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-87"> Article 87. Processing of the national identification number </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-88"> Article 88. Processing in the context of employment </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-89"> Article 89. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-90"> Article 90. Obligations of secrecy </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-91"> Article 91. Existing data protection rules of churches and religious associations </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER X</span> <span class="mainMenu__chapter__title"> Delegated acts and implementing acts&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 92 - 93 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-92"> Article 92. Exercise of the delegation </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-93"> Article 93. Committee procedure </a> </li> </ul> </li> <li class="mainMenu__chapter "> <a class="mainMenu__chapter_link"> <span class="mainMenu__chapter__index">CHAPTER XI</span> <span class="mainMenu__chapter__title"> Final provisions&nbsp;&nbsp;<i class="fa fa-chevron-up"></i> </span> <span class="mainMenu__chapter__articles"> Art 94 - 99 </span> </a> <ul style="display: none;"> <li class="mainMenu__article"> <a href="/gdpr-article-94"> Article 94. Repeal of Directive 95/46/EC </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-95"> Article 95. Relationship with Directive 2002/58/EC </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-96"> Article 96. Relationship with previously concluded Agreements </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-97"> Article 97. Commission reports </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-98"> Article 98. Review of other Union legal acts on data protection </a> </li> <li class="mainMenu__article"> <a href="/gdpr-article-99"> Article 99. Entry into force and application </a> </li> </ul> </li> </ul> </div> <article class="article-container"> <div id="inner-content"> <div class="article"> <div class="chapter"> <h2 class="chapter__title"> <span class="chapter__title__index">CHAPTER IV</span> <span class="chapter__title__label">Controller and processor</span> </h2> </div> <h3 class="article__title"> Article 33. Notification of a personal data breach to the supervisory authority </h3> <ul class="list-unstyled article__list_level0"> <li class="no-label"> <p id="section-0"> 1.   In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.</p> <ul class="list-unstyled"> </ul> </li> <li class="no-label"> <p id="section-1"> 2.   The processor shall notify the controller without undue delay after becoming aware of a personal data breach.</p> <ul class="list-unstyled"> </ul> </li> <li class="no-label"> <p id="section-2"> 3.   The notification referred to in paragraph 1 shall at least:</p> <ul class="list-unstyled"> </ul> </li> <li class=""> <p id="section-3">(a)&nbsp;&nbsp;&nbsp; describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned; </p> <ul class="list-unstyled"> </ul> </li> <li class=""> <p id="section-4">(b)&nbsp;&nbsp;&nbsp; communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; </p> <ul class="list-unstyled"> </ul> </li> <li class=""> <p id="section-5">(c)&nbsp;&nbsp;&nbsp; describe the likely consequences of the personal data breach; </p> <ul class="list-unstyled"> </ul> </li> <li class=""> <p id="section-6">(d)&nbsp;&nbsp;&nbsp; describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects. </p> <ul class="list-unstyled"> </ul> </li> <li class="no-label"> <p id="section-7"> 4.   Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.</p> <ul class="list-unstyled"> </ul> </li> <li class="no-label"> <p id="section-8"> 5.   The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with this Article.</p> <ul class="list-unstyled"> </ul> </li> </ul> </div> <script type="text/javascript"> $(document).ready(function(){ var definitions = {"personal data\u2019 means any information relating to an identified or identifiable natural person (\u2018data subject": "\u2018personal data\u2019 means any information relating to an identified or identifiable natural person (\u2018data subject\u2019); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; \n \n \n \n ", "processing": "\u2018processing\u2019 means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; \n \n \n \n ", "restriction of processing": "\u2018restriction of processing\u2019 means the marking of stored personal data with the aim of limiting their processing in the future; \n \n \n \n ", "profiling\u2019 means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person": "\u2018profiling\u2019 means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements; \n \n \n \n ", "pseudonymisation": "\u2018pseudonymisation\u2019 means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; \n \n \n \n ", "filing system": "\u2018filing system\u2019 means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis; \n \n \n \n ", "controller": "\u2018controller\u2019 means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member\u00a0State law; \n \n \n \n ", "processor": "\u2018processor\u2019 means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; \n \n \n \n ", "recipient": "\u2018recipient\u2019 means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law\u00a0shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; \n \n \n \n ", "third party": "\u2018third party\u2019 means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; \n \n \n \n ", "consent\u2019 of the data subject means any freely given, specific, informed and unambiguous indication of the data subject": "\u2018consent\u2019 of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; \n \n \n \n ", "personal data breach": "\u2018personal data breach\u2019 means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; \n \n \n \n ", "genetic data": "\u2018genetic data\u2019 means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question; \n \n \n \n ", "biometric data": "\u2018biometric data\u2019 means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data; \n \n \n \n ", "data concerning health": "\u2018data concerning health\u2019 means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status; \n \n \n \n ", "main establishment": "\u2018main establishment\u2019 means: \n \n \n \n ", "representative": "\u2018representative\u2019 means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article\u00a027, represents the controller or processor with regard to their respective obligations under this Regulation; \n \n \n \n ", "enterprise": "\u2018enterprise\u2019 means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity; \n \n \n \n ", "group of undertakings": "\u2018group of undertakings\u2019 means a controlling undertaking and its controlled undertakings; \n \n \n \n ", "binding corporate rules": "\u2018binding corporate rules\u2019 means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity; \n \n \n \n ", "supervisory authority": "\u2018supervisory authority\u2019 means an independent public authority which is established by a Member State pursuant to Article\u00a051; \n \n \n \n ", "supervisory authority concerned": "\u2018supervisory authority concerned\u2019 means a supervisory authority which is concerned by the processing of personal data because: \n \n \n \n ", "cross-border processing": "\u2018cross-border processing\u2019 means either: \n \n \n \n ", "relevant and reasoned objection": "\u2018relevant and reasoned objection\u2019 means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union; \n \n \n \n ", "information society service": "\u2018information society service\u2019 means a service as defined in point\u00a0(b) of Article\u00a01(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council ; \n \n \n \n ", "international organisation": "\u2018international organisation\u2019 means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries. \n \n \n \n "}; var terms = Object.keys(definitions); $(".article__list_level0").mark(terms, { separateWordSearch: false, done: function() { $('[data-markjs="true"]').popover({ title: function() { return $(this).text(); }, content: function() { var content = definitions[$(this).text().toLowerCase()]; if (content) { return content; } else { return definitions[$(this).text()]; } }, delay: { "show": 100, "hide": 0 }, trigger: 'hover' }) } }); }); </script> <a class="next-article" href="/gdpr-article-34"> <p>Next</p> <p class="name"> Article 34. Communication of a personal data breach to the data subject </p> <span class="arrow-down"> <i class="fa fa-arrow-down"></i> </span> </a> </div> </article> </div> </div> </div> <div class="col-sm-12 col-xl-3 d-none d-xl-block"> <div class="right-container"> <div class="recitals__header"> <div class="recitals__header__content"> <span class="share__title"> Share this </br> project </span> <a href="mailto:?body=https%3A%2F%2Fgdpr.algolia.com%2F%20Official%20text%20of%20GDPR%20%E2%80%93%20General%20Data%20Protection%20Regulation%20%E2%80%93%20made%20searchable%20by%20Algolia.%20Easily%20search%20in%20chapters%2C%20articles%20and%20recitals%20to%20read%20faster%20and%20become%20GDPR%20compliant." class="share-link"> <img src="/static/img/ic-mail.9aeca84437fe.svg" alt="Email icon" width="14px"> <span class="share__label">Email</span> </a> <a href="https://www.linkedin.com/shareArticle?url=https://gdpr.algolia.com/gdpr-article-33&mini=true" class="share-link" target="_blank"> <img src="/static/img/ic-linkedin.536efc2cded5.svg" alt="LinkedIn icon" width="14px"> <span class="share__label">LinkedIn</span> </a> <a href="https://twitter.com/intent/tweet?url=https://gdpr.algolia.com/gdpr-article-33" class="share-link" target="_blank"> <img src="/static/img/ic-twitter.28b9fb3ebf51.svg" alt="Twitter icon" width="14px"> <span class="share__label">Twitter</span> </a> </div> </div> <div class="recitals"> <div class="recitals__container"> <h3> <i class="fa fa-link"></i>Suitable Recitals for article 33</h3> <ul class="list-unstyled"> <li> <span class="index">85</span> <a href="#recital-85" class="recital-link" data-recital-content="A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned. Therefore, as soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the controller is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification and information may be provided in phases without undue further delay." data-recital-index="85"> <span>A personal data breach may, if not addressed in...</span> </a> </li> <li> <span class="index">87</span> <a href="#recital-87" class="recital-link" data-recital-content="It should be ascertained whether all appropriate technological protection and organisational measures have been implemented to establish immediately whether a personal data breach has taken place and to inform promptly the supervisory authority and the data subject. The fact that the notification was made without undue delay should be established taking into account in particular the nature and gravity of the personal data breach and its consequences and adverse effects for the data subject. Such notification may result in an intervention of the supervisory authority in accordance with its tasks and powers laid down in this Regulation." data-recital-index="87"> <span>It should be ascertained whether all appropriat...</span> </a> </li> <li> <span class="index">88</span> <a href="#recital-88" class="recital-link" data-recital-content="In setting detailed rules concerning the format and procedures applicable to the notification of personal data breaches, due consideration should be given to the circumstances of that breach, including whether or not personal data had been protected by appropriate technical protection measures, effectively limiting the likelihood of identity fraud or other forms of misuse. Moreover, such rules and procedures should take into account the legitimate interests of law-enforcement authorities where early disclosure could unnecessarily hamper the investigation of the circumstances of a personal data breach." data-recital-index="88"> <span>In setting detailed rules concerning the format...</span> </a> </li> </ul> </div> </div> <div class="recital-content-container d-none d-xl-block"> <div class="inner"> <h2></h2> <p></p> <div class="recital-close"> <span class="cross">X</span> <span>Close this recital</span> </div> </div> </div> </div> </div> </div> <script type="text/javascript"> var $recitalContentContainer = $('.recital-content-container'); var $menuButton = $('.menu__btn'); var $menuContainer = $('.mainMenu'); $(document).ready(function () { $('.recital-link').click(function () { var recitalIndex = $(this).data('recital-index'); var recitalContent = $(this).data('recital-content'); $recitalContentContainer.find('h2').text('# ' + recitalIndex); $recitalContentContainer.find('p').text(recitalContent); $recitalContentContainer.toggleClass('open'); }); $('.recital-close').click(function () { $recitalContentContainer.removeClass('open'); }); $menuButton.click(function(){ $menuContainer.toggleClass('open'); }); $('.mainMenu__chapter_link').click(function(){ $(this).find('i').toggleClass('fa-chevron-up').toggleClass('fa-chevron-down'); $(this).next().slideToggle('fast'); }); if ($('.mainMenu__chapter.open').length) { var offset = $('.mainMenu__chapter.open').offset()['top']; $('.mainMenu').scrollTop(offset - 129); } }); </script> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MN3XDGF" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10