Jump to contentJump to search

Reporting Personal Data Breach

In the case of data breaches within the meaning of Art. 4 No. 12 GDPR the data protection supervisory authority of the HHU must be informed of this within 72 hours (Art. 33 GDPR). In case of a data protection breach, in case of doubt, contact your superior and/or the legal entity of the HHU as a data protection information authority immediately. You can also contact the data protection officer directly.

The European General Data Protection Regulation (GDPR) establishes legal requirements and obligations for the body responsible for the personal data processing, that means Heinrich-Heine-University.  Personal data breaches must be reported within the university to the Staff Unit Legal Affairs as a data protection reporting authority, so that the possible legal obligation to inform

  • the supervisory authority (for HHU the Land Data Protection Officer (LDI) NRW) or
  • the data subjects

The legal obligation to report personal data breaches to the supervisory authority under Art. 33 GDPR[External] requires a notification within 72 hours of becoming aware. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay Article 34 GDPR[External].

Please fill in the internal registration form and submit it to the Data Protection Notification Authority.

According to Art. 4 Number 12 GDPR[External] 'personal data breach’ means a breach of security leading to

  • the accidental or unlawful destruction,
  • loss,
  • alteration,
  • unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

For the documentation of personal data breaches at HHU, please use the form "Notification of a personal data breach”. If a data breach is required to report, this is also the information that must be transmitted to the data protection supervisory authority of the State of North Rhine-Westphalia.
 
Here you will find more information in case there is evidence that your mailbox have been copied by criminals.

Responsible for the content: