Data Breaches

AuthorDavid Zetoony
ProfessionIs a partner in the Boulder, Colorado office of Bryan Cave Leighton Paisner, LLP, an international law firm
Pages91-101
91
DAtA BReAcHes
Q.95 Does tHe GDpR ReQUIRe tHAt
contRoLLeRs notIfy IMpActeD peopLe
If tHeRe Is A DAtA BReAcH?
Yes.
In certain circumstances Article 34 of the GDPR requires that con-
trollers notify impacted individuals in connection with certain types of
data breaches.
Q.96 Does tHe GDpR ReQUIRe tHAt
contRoLLeRs notIfy ReGULAtoRs If
tHeRe Is A DAtA BReAcH?
Yes.
In certain circumstances Article 33 of the GDPR requires that con-
trollers notify one or more “supervisory authorit[ies]” in the event of
certain types of data breaches.
Q.97 Does tHe GDpR DAtA BReAcH
notIfIcAtIon pRoVIsIon coVeR tHe
sAMe type of DAtA As UnIteD stAtes
DAtA BReAcH notIfIcAtIon LAWs?
No.
Almost every state in the United States has its own data breach noti-
cation law. In addition there are several federal data breach notication
laws with national applicability that apply to specic industry sectors.
Almost all of the United States breach notication laws apply only
to enumerated categories of sensitive information (such as Social Secu-
rity Numbers, driver’s license numbers, health information, or nancial
account numbers).
The GDPR breach notication provision has a far broader scope. It
potentially applies to any data breach that involves personal data, which,

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT