GDPR-33-03
Reporting
33 — Notification of a personal data breach to the supervisory authority
Processor must notify controller of personal data breach
Description
The processor must notify the controller without undue delay after becoming aware of a personal data breach.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-33-01
Reporting
Notify supervisory authority of personal data breach within 72 hours
GDPR-33-02
Transparency
Provide reasons for delayed breach notification
GDPR-33-04
Transparency
Describe nature of personal data breach in notification
GDPR-33-05
Transparency
Provide contact details in breach notification
GDPR-33-06
Transparency
Describe likely consequences of breach in notification
GDPR-33-07
Transparency
Describe remedial measures in breach notification
GDPR-33-08
Reporting
Provide breach information in phases if necessary
GDPR-33-09
Documentation
Document all personal data breaches
GDPR-33-10
Documentation
Maintain breach documentation for supervisory authority verification
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started