The right course of action in case of a data breach
Reporting and notification duties in accordance with Articles 33 and 34 of the GDPR
Article by Olga Kasner in the current edition of "Privacy in Germany" (PinG)
How should controllers react if e.g. data is erased by an unauthorized person or an online shop is hacked and customer data is stolen? Would such an incident qualify as a personal data breach? When should data breaches be reported to the supervisory authority when would it be necessary to notify the data subject whose personal data was erased or stolen?
These and other questions are clarified by Olga Kasner in her article in "Privacy in Germany" (PinG).
To the article preview