Ti	=	Article 33 - Notification of a {_personal_data_breach} to the {_supervisory_authority}
1.sec	=	In the case of a {_personal_data_breach}, the {_controller} shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the {_personal_data_breach} to the {_supervisory_authority} competent in accordance with Article 55, unless the {_personal_data_breach} is unlikely to result in a risk to the rights and freedoms of {_natural_persons}. Where the notification to the {_supervisory_authority} is not made within 72 hours, it shall be accompanied by reasons for the delay.
2.sec	=	The {_processor} shall notify the {_controller} without undue delay after becoming aware of a {_personal_data_breach}.
3.0.sec	=	The notification referred to in paragraph 1 shall at least:
3.1.sec	=	describe the nature of the {_personal_data_breach} including where possible, the categories and approximate number of {_data_subjects} concerned and the categories and approximate number of {_personal_data} records concerned;
3.2.sec	=	communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
3.3.sec	=	describe the likely consequences of the {_personal_data_breach};
3.4.sec	=	describe the measures taken or proposed to be taken by the {_controller} to address the {_personal_data_breach}, including, where appropriate, measures to mitigate its possible adverse effects.
3.	=	[G/Z/ol-a/s4]
4.sec	=	Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
5.sec	=	The {_controller} shall document any {_personal_data_breaches}, comprising the facts relating to the {_personal_data_breach}, its effects and the remedial action taken. That documentation shall enable the {_supervisory_authority} to verify compliance with this Article.
	=	[G/Z/ol/s5]