In addition, I recommend that the main victim, the data subject, be notifid of the incident as soon as possible. In my experien, it is best if the first contact is made by phone (if we have a telephone number). It is primarily a quick way of contact. Which allows for a thorough explanation. During the conversation about what has happen. What it involv, what has already been do. And what will be the next steps.
The website and the services offered
Only after that, an e-mail with official information is sent, but people are warn that they will recei a message in the mailbo database and are no longer surpri. Providing information in a way that demonstrat that it has been done is essential for the accountability principle. And email is a good tool. Of course, if the breach affect. A large group of people, calling would be rather impossible. I independentl prepare the content of the information that will be sent to the person whose data has been (in accordance with.
Contain It already depends on the content
In this case, the legal basis for data processing by the mdical entity will be art This provision says, among other things, that the ban on the Mobile List processing of special category data does not apply if the processing is necessary for the purposes of preventive health or occupational mdicine. Undoubtdly, in the analyzd situation there is a goal in the form of preventive health care consisting in vaccination against the virus that has been causing a worldwide pandemic for over a year.