| Commentary

(b) Notifying data subjects

| Commentary

(b)     Notifying data subjects

If the personal data breach is likely to result in a high risk to the rights and freedoms of the data subjects, in addition to notifying the ICO (see para [194.163]), the employer is obliged to communicate the personal data breach to the data subjects without undue delay, unless (UK GDPR art 34):

  1.  

    —     the breach is unlikely to result in a high risk to the rights and freedoms of the data subjects;

  2.  

    —     the employer has implemented appropriate technical and organisational protection measures to the personal data concerned, which renders the data unintelligible

To continue reading
Analyse the law and clarify obscure passages all within a practical context.