68 Communication of a personal data breach to the data subject
68 Communication of a personal data breach to the data subject

(1)     Where a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the controller must inform the data subject of the breach without undue delay.

(2)     The information given to the data subject must include the following—

(a)     a description of the nature of the breach;

(b)     the name and contact details of the data protection officer or other contact point from whom more information can be obtained;

(c)     a description of the likely consequences of the personal data breach;

(d)     a description of the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

(3)     The duty under sub

Popular documents