GDPR-33-01
Reporting
33 — Notification of a personal data breach to the supervisory authority
Notify supervisory authority of personal data breach within 72 hours
Description
Controller must notify the competent supervisory authority of a personal data breach without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-33-02
Transparency
Provide reasons for delayed breach notification
GDPR-33-03
Reporting
Processor must notify controller of personal data breach
GDPR-33-04
Transparency
Describe nature of personal data breach in notification
GDPR-33-05
Transparency
Provide contact details in breach notification
GDPR-33-06
Transparency
Describe likely consequences of breach in notification
GDPR-33-07
Transparency
Describe remedial measures in breach notification
GDPR-33-08
Reporting
Provide breach information in phases if necessary
GDPR-33-09
Documentation
Document all personal data breaches
GDPR-33-10
Documentation
Maintain breach documentation for supervisory authority verification
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started