Short Reads

Countdown 7 weeks until GDPR : Will entities be required to report any contraventions of the GDPR to the regulators?

Stibbe - Will entities be required to report any serious contravention

Countdown 7 weeks until GDPR : Will entities be required to report any contraventions of the GDPR to the regulators?

05.04.2018 EU law

Only 7 more weeks to go before the GDPR becomes fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. Each week, we highlight one particular misconception regarding the interpretation of the GDPR.

Will entities be required to report any serious contraventions of the GDPR to the regulators and to data subjects affected?

According to Article 33.1 of the GDPR reporting those contraventions will not be required in all cases, but only if the breach in question implies a risk to the rights and freedoms of the individuals whose data have been affected by the contravention.

The Article 29 Working Party has clarified that there is a “risk to the rights and freedoms” if the breach can lead to physical, material, or non-material damage to the individuals whose data have been breached. Any such risk should appear to be related to a third party’s non-authorized access to the individual’s information, leading to the violation of that individual’s rights to privacy or any other relevant right (e.g., economic loss derived from the use of a credit card number of an individual whose data have been unduly accessed). When evaluating this risk, one should do so on the basis of an objective assessment while taking into account criteria such as the type of breach, the nature, sensitivity, and volume of personal data concerned, the ease of identification, the severity of consequences for individuals, etc.

Hence, according to this approach, incidents that have no consequences on the rights and freedoms of individuals (e.g., loss of information, without any third party having accessed to such data) should not be reported under the GDPR.

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Team

Related news

02.04.2020 NL law
Stibbe in Amsterdam answers questions from consumers, small business foundations and NGOs about the coronavirus

Inside Stibbe - In a special Q&A (in Dutch), lawyers from our Amsterdam office share their legal expertise and strive to provide answers to questions put to us by consumers, self-employed persons, enterprises large and small, foundations and NGOs as a result of the corona crisis.

Read more

18.03.2020 EU law
Stibbe: COVID-19

Short Reads - In view of the developments concerning the coronavirus, we hereby inform you of our business operations and the measures we take to ensure the continuity of our services to you.

Read more

12.03.2020 EU law
Stibbe sets up corona team

Inside Stibbe - The coronavirus (COVID-19) may have legal consequences for your business. We have set up a team of specialists who can provide insight into the legal implications of the virus.

Read more

10.03.2020 NL law
De AVG staat niet in de weg aan de verwerking van persoonsgegevens door een toezichthouder tijdens een bedrijfsbezoek

Short Reads - Bedrijven die met toezicht worden geconfronteerd, zijn gehouden op verzoek van een toezichthouder in beginsel alle informatie te verstrekken. Met de komst van de Algemene verordening gegevensbescherming (AVG) is in de praktijk de vraag opgekomen of een toezichthouder bevoegd is om persoonsgegevens die onderdeel uitmaken van de gevraagde informatie te verwerken.

Read more

This website uses cookies. Some of these cookies are essential for the technical functioning of our website and you cannot disable these cookies if you want to read our website. We also use functional cookies to ensure the website functions properly and analytical cookies to personalise content and to analyse our traffic. You can either accept or refuse these functional and analytical cookies.

Privacy – en cookieverklaring