by Matthew Austin , Ruth Prendeville August-28-2019 in Data Protection
On 14 August 2019, the Data Protection Commission (“DPC”) announced the publication of a new guidance note entitled “A Quick Guide to GDPR Breach Notifications.” The guidance note reminds controllers of their obligations to notify personal data breaches to the DPC, and to communicate personal data breaches to data subjects themselves, in certain circumstances.
The guidance note indicates an intention on the DPC’s part to take a strict view of the obligations provided for in Article 33 of the GDPR (Notification of a personal data breach to the DPC) and Article 34 of the GDPR (Communication of a personal data breach to the data subject).
The guidance note also emphasises the importance of the accountability principle, which in the context of breach notification requirements obliges controllers to ensure that they document any and all personal data breaches, including the facts relating to the personal data breach, its effects and the remedial actions taken. In order to comply with their accountability obligations, the DPC recommends that controllers should also be able to demonstrate when and how they became aware of a personal data breach, which will assist the DPC in assessing compliance with the requirement to notify “without undue delay”. This recommendation goes further than the letter of the GDPR and is consistent with the approach of the DPC that we have seen to date.
Click here to read the full guidance note.
For further information please contact Matthew Austin maustin@hayes-solicitors.ie or Ruth Prendeville rprendeville@hayes-solicitors.ie at Hayes solicitors
Back to Full NewsShare this article:
About the Authors
Matthew Austin
Matthew is a partner in the Commercial & Business team and has considerable expertise in a range of practice areas, having acted for Irish and International clients in domestic and multi-jurisdictional issues. Matthew has advised in civil and administrative law disputes and in regulatory and advisory matters including insolvency/restructuring, IP, defamation and media law, competition and consumer protection and data protection.
Ruth Prendeville
Ruth is an associate solicitor in the Commercial & Business team at Hayes solicitors. She advises on an array of commercial and regulatory matters, including in the areas of privacy and data protection, intellectual property, terms and conditions of purchase and sale, advertising and promotions and commercial contracts. Her clients include those from key business industries including media and entertainment, advertising, motor, food, accountancy, manufacturing and business networking.