In the case of data breaches within the meaning of Art. 4 No. 12 GDPR the data protection supervisory authority of the HHU must be informed of this within 72 hours (Art. 33 GDPR). In the event of a data protection breach, if in doubt, immediately contact your superior and/or the HHU legal department as the data protection information point. You can also contact the data protection officer directly.
The European General Data Protection Regulation (GDPR) imposes legal requirements and obligations on the body responsible for processing, existing legal obligation to provide information
- the supervisory authority (for the Heinrich-Heine-Universität the state data protection officer (LDI) NRW)) or
- Notification of affected persons
can be adhered to. The legal obligation to report data protection violations to the supervisory authority under Art. 33 GDPR[External] requires reporting within 72 hours of becoming aware of it. If there is an obligation to report to the affected persons, the report must be made as quickly as possible. In addition to reporting to the supervisory authority, in the case of Article 34 GDPR[External], the persons affected must also be informed immediately. This is the case if the breach of personal data protection is likely to result in a high risk to the personal rights and freedoms of natural persons. The supervisory authority must also be informed whether and which measures were taken within the framework of Article 33 Paragraph 3 Letter d.
Please fill out the reporting form and submit it to the data protection reporting office.
According to Art. 4 Number 12 GDPR[External] 'personal data breach’ means a breach of security leading to
- the accidental or unlawful destruction,
- unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
The following form is available to you to document data protection violations:"Meldung einer Verletzung des Schutzes personenbezogener Daten" . If a data protection breach requires reporting, this is also the information that must be transmitted to the data protection supervisory authority of the state of North Rhine-Westphalia.