1. What determines the submission of an infringement statement for the processing of personal data?
Article 33 of the European Parliament and of the Council Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 EC (General Data Protection Regulation, hereinafter referred to as “VDAR”).
2. What is a violation of the protection of the processing of personal data?
“Breach of personal data protection” means a security breach resulting in the accidental or unlawful destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed (Article 4 (12) of the DAR)
3. What information should be included in the Communication?
The notification shall describe the nature of the breach of personal data protection, including, where possible, the categories and estimated number of data subjects concerned and the categories and approximate number of personal data records concerned;
the name and contact details of the data protection specialist or instructions to another contact point where additional information can be obtained;
a description of the potential consequences of a personal data breach;
actions or measures taken or proposed by the controller to prevent a personal data breach, including, where appropriate, measures to mitigate its potential adverse effects.
4. Who submits a statement of breach of the protection of the processing of personal data?
The communication of the personal data processing protection violation shall be submitted to the State Data Inspectorate by the data controller or his or her authorised representative.
5. When do I need to submit a statement of breach of the protection of personal data?
In the case of an infringement of personal data protection, the controller shall, without undue delay and, if possible, not later than 72 hours from the time when the breach became known, submit a statement of the breach of the protection of personal data.
6. When is it not necessary to submit a statement of breach of the protection of personal data?
The controller may not submit a Notice in cases where it is unlikely that a breach of personal data protection could pose a risk to the rights and freedoms of individuals.
7. Necessary actions to submit a statement of violation of the protection of the processing of personal data.
The controller shall document any breaches of personal data protection, specifying the facts related to the breach of personal data, its consequences and any remedial action taken.
The form of the notification is available on the Internet site of the National Data Inspectorate.www.dvi.gov.lvunder the heading “Data Protection” - “Individuals” - “Application Samples”
Samples of the application
8. Useful information and links.
link towww.dvi.gov.lvForm of personal data processing breach statements and information about filling out the form, as well as other useful information about completing the DBN (explanatory notes, etc.)
9. Can a statement of breach of the protection of personal data be submitted in stages?
Where and to the extent that information cannot be provided at the same time, the information may be provided at stages without further undue delay. If the notification to the State Data Inspectorate has not taken place within 72 hours, the notification shall be accompanied by the reasons for the delay.