AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Privacy Program Automation

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal orchestration

Data Removal

Introducing end-to end automation of personal data removal

Services

State-of-Privacy-Assessment (SOPA)

Support

Professional Services

Pricing plans

Talk to sales

Resources

Latest Blog posts

Unstructured Data: What it is and How to Discover it

14/09/2023

Learn the terms

Invisible processing

Data Governance

Lead Supervisory Authority (LSA)

Fairness

Rights (per GDPR)

Lawfulness

Right to rectification

Genetic data

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Saudi Arabia’s Personal Data Protection Law PDPL

24/08/2023

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

The Value of Data Discovery Solution In Pharmaceutical Industry

22/03/2023

Partners

Become a partner

About us

Careers

General Data Protection Regulation (GDPR)

GDPR

>

Chapter 4 >

Art. 33 — Notification of a personal data breach to the supervisory authority

Article 33

Notification of a personal data breach to the supervisory authority

Chapter 4

¹In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. ²Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
The notification referred to in paragraph 1 shall at least:
1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
2. communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
3. describe the likely consequences of the personal data breach;
4. describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
¹The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. ²That documentation shall enable the supervisory authority to verify compliance with this Article.