Ti | = | Article 34 - Communication of a {_personal_data_breach} to the {_data_subject} |
1.sec | = | When the {_personal_data_breach} is likely to result in a high risk to the rights and freedoms of {_natural_persons}, the {_controller} shall communicate the {_personal_data_breach} to the {_data_subject} without undue delay. |
2.sec | = | The communication to the {_data_subject} referred to in paragraph 1 of this Article shall describe in clear and plain language the nature of the {_personal_data_breach} and contain at least the information and the recommendations provided for in points (b), (c) and (d) of Article 33(3). |
3.0.sec | = | The communication to the {_data_subject} referred to in paragraph 1 shall not be required if any of the following conditions are met: |
3.1.sec | = | the {_controller} has implemented appropriate technical and organisational protection measures, and that those measures were applied to the {_personal_data} affected by the {_personal_data_breach}, in particular those that render the {_personal_data} unintelligible to any person who is not authorised to access it, such as encryption; |
3.2.sec | = | the {_controller} has taken subsequent measures which ensure that the high risk to the rights and freedoms of {_data_subjects} referred to in paragraph 1 is no longer likely to materialise; |
3.3.sec | = | it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the {_data_subjects} are informed in an equally effective manner. |
3. | = | [G/Z/ol-a/s3] |
4.sec | = | If the {_controller} has not already communicated the {_personal_data_breach} to the {_data_subject}, the {_supervisory_authority}, having considered the likelihood of the {_personal_data_breach} resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in paragraph 3 are met. |
= | [G/Z/ol/s4] | |