GDPR-33-09 Documentation 33 — Notification of a personal data breach to the supervisory authority

Document all personal data breaches

Description

The controller must document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

GDPR-33-01 Reporting

Notify supervisory authority of personal data breach within 72 hours

GDPR-33-02 Transparency

Provide reasons for delayed breach notification

GDPR-33-03 Reporting

Processor must notify controller of personal data breach

GDPR-33-04 Transparency

Describe nature of personal data breach in notification

GDPR-33-05 Transparency

Provide contact details in breach notification

GDPR-33-06 Transparency

Describe likely consequences of breach in notification

GDPR-33-07 Transparency

Describe remedial measures in breach notification

GDPR-33-08 Reporting

Provide breach information in phases if necessary

GDPR-33-10 Documentation

Maintain breach documentation for supervisory authority verification

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Document all personal data breaches

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment