by Matthew Austin, Ruth Prendeville August-28-2019 in Data Protection

On 14 August 2019, the Data Protection Commission (“DPC”) announced the publication of a new guidance note entitled “A Quick Guide to GDPR Breach Notifications.”  The guidance note reminds controllers of their obligations to notify personal data breaches to the DPC, and to communicate personal data breaches to data subjects themselves, in certain circumstances.

The guidance note indicates an intention on the DPC’s part to take a strict view of the obligations provided for in Article 33 of the GDPR (Notification of a personal data breach to the DPC) and Article 34 of the GDPR (Communication of a personal data breach to the data subject).

The guidance note also emphasises the importance of the accountability principle, which in the context of breach notification requirements obliges controllers to ensure that they document any and all personal data breaches, including the facts relating to the personal data breach, its effects and the remedial actions taken. The DPC recommends that, in order to comply with their accountability obligations, controllers should also be able to demonstrate when and how they became aware of a personal data breach, which will assist the DPC in assessing compliance with the requirement to notify “without undue delay”. This recommendation goes further than the letter of the GDPR and is consistent with the approach of the DPC that we have seen to date.


For further information, please contact Matthew Austin (maustin@hayes-solicitors.ie) or Ruth Prendeville (rprendeville@hayes-solicitors.ie) at Hayes solicitors.