690
If you want to report a data protection breach, there are a few steps you can take to do so. It is important that you are sure that a data protection breach has actually occurred.
How to report a data protection breach
Before you report a data breach to an official body, you should be sure that a breach has actually occurred.
- Collect evidence. Make notes about what exactly happened and have all relevant documents ready for the interview, such as emails or screenshots.
- If you suspect a data protection breach in your company or organisation, inform the Data Protection Officer or your supervisor immediately.
- If the breach was caused by an external company, contact their Data Protection Officer.
- In Germany, companies and organisations must report certain data protection breaches to the competent supervisory authority. These include, for example, data leaks or the loss of personal data.
- If you are not sure whether a breach needs to be reported, you can contact the competent supervisory authority. In Germany, this is the Federal Office for Information Security (BSI).
How to recognise a data protection breach
When a data breach occurs depends on several factors.
- If personal data are processed, disclosed or deleted without sufficient security measures, this can be considered a data protection breach.
- It may also be a breach if personal data are processed without sufficient consent of the data subject.
- It is important that businesses and organisations comply with data protection legislation and ensure that personal data is processed securely.
- In Germany, data protection violations are investigated and, if necessary, sanctioned by the competent supervisory authority.
- Depending on the severity of the violation, this can lead to fines, warnings or even imprisonment.
