Reporting Personal Data Breach

The European General Data Protection Regulation (GDPR) imposes legal requirements and obligations on the body responsible for processing, existing legal obligation to provide information

• the supervisory authority (for the Heinrich-Heine-Universität  the state data protection officer (LDI) NRW)) or
• Notification of affected persons

can be adhered to. The legal obligation to report data protection violations to the supervisory authority under Art. 33 GDPR_[External] requires reporting within 72 hours of becoming aware of it. If there is an obligation to report to the affected persons, the report must be made as quickly as possible. In addition to reporting to the supervisory authority, in the case of Article 34 GDPR_[External], the persons affected must also be informed immediately. This is the case if the breach of personal data protection is likely to result in a high risk to the personal rights and freedoms of natural persons. The supervisory authority must also be informed whether and which measures were taken within the framework of Article 33 Paragraph 3 Letter d.

Please fill out the reporting form and submit it to the data protection reporting office.

According to Art. 4 Number 12 GDPR_[External] 'personal data breach’ means a breach of security leading to

• the accidental or unlawful destruction,
• loss,
• alteration,
• unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

The following form is available to you to document data protection violations:"Meldung einer Verletzung des Schutzes personenbezogener Daten" . If a data protection breach requires reporting, this is also the information that must be transmitted to the data protection supervisory authority of the state of North Rhine-Westphalia.