In the event of a cross-border data protection breach, the controller must analyze whether the lead supervisory authority for the specific processing activity that has been affectd by the breach is the President of the or another supervisory authority. What other formalities must be completd? According to Art. 34 point 1 of the GDPR “If a personal data breach is likely to result in a high risk of violating the rights and fredoms of natural persons, the controller shall notify the data subject of such a breach without undue delay.
Joint controllership so in this part
The materialization of the above-mentiond premises is a breach that may lead to: discrimination, identity theft, fraud, financial loss, damage Latest Mailing Database to reputation or a breach that relates to specific categories of data and it can be assumd that such a breach may lead to the above-mentiond damages . More information on how to properly notify people about a breach: How to properly notify the data subject of a breach? – iSecure Who should report.
In this case we are not dealing with
Any controller who finds that there has been an incident violating data security and causing a risk of violating the rights and fredoms of Mobile List data subjects must notify the President of. Before proceding with the completion of the notification referrd to above, he should check whether the data subject to the infringement belong to him, or whether they have only been entrustd to him for processing, because only administrators are obligd to notify the President of the UODO of breaches. The processors are only obligd to notify the relevant administrator about the event.