Ti | = | Article 33 - Notification of a {_personal_data_breach} to the {_supervisory_authority} |
1.sec | = | In the case of a {_personal_data_breach}, the {_controller} shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the {_personal_data_breach} to the {_supervisory_authority} competent in accordance with Article 55, unless the {_personal_data_breach} is unlikely to result in a risk to the rights and freedoms of {_natural_persons}. Where the notification to the {_supervisory_authority} is not made within 72 hours, it shall be accompanied by reasons for the delay. |
2.sec | = | The {_processor} shall notify the {_controller} without undue delay after becoming aware of a {_personal_data_breach}. |
3.0.sec | = | The notification referred to in paragraph 1 shall at least: |
3.1.sec | = | describe the nature of the {_personal_data_breach} including where possible, the categories and approximate number of {_data_subjects} concerned and the categories and approximate number of {_personal_data} records concerned; |
3.2.sec | = | communicate the name and contact details of the data protection officer or other contact point where more information can be obtained; |
3.3.sec | = | describe the likely consequences of the {_personal_data_breach}; |
3.4.sec | = | describe the measures taken or proposed to be taken by the {_controller} to address the {_personal_data_breach}, including, where appropriate, measures to mitigate its possible adverse effects. |
3. | = | [G/Z/ol-a/s4] |
4.sec | = | Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay. |
5.sec | = | The {_controller} shall document any {_personal_data_breaches}, comprising the facts relating to the {_personal_data_breach}, its effects and the remedial action taken. That documentation shall enable the {_supervisory_authority} to verify compliance with this Article. |
= | [G/Z/ol/s5] | |