235.11 DPO, Federal Council Ordinance, Sep 1, 2023
The report to the FDPIC of a breach of data security must include the following information:
a. the form of breach;
b. the time and duration, if possible;
c. the categories and approximate amount of personal data concerned, if possible;
d. the categories and the approximate number of data subjects, if possible;
e. the consequences, including any risks, for the data subjects;
f. the measures that have been taken or are planned in order to remedy the breach and mitigate the consequences, including any risks;
g. the name and the contact details of a contact person.
If the controller is unable to report all the details at one time, it shall supply the missing details as quickly as possible.
If the controller is required to inform the data subject, it shall provide the data subject with the details specified in paragraph 1 letters a and e–g in simple and comprehensible language.
The controller must document the breaches. The documentation must contain a summary of the circumstances of the incidents, their effects and the measures taken. It shall be retained from the time of the report under paragraph 1 for a minimum of two years.