DataBreach
The FDPIC provides the data controllers with an online form with which they reports can be submitted in a digital and secure manner. After submitting the report, the data controller can download a confirmation with the submitted data.
Only personal data breaches that result in the unintentional or wrongful loss, deletion, destruction or alteration of personal data, or made accessible or disclosed to unauthorised persons, and that are likely to result in a high risk to the personality or fundamental rights of the data subjects must be reported.
If it is necessary for the protection of the data subjects, the data controllers must inform them of the personal data breach. Further information on notifications is available on the online form:
Form reserved exclusively for notifications by data controllers (DataBreach)
Guidelines on data breaches
These FDPIC guidelines deal with the legal notification requirements for data security breaches to the FDPIC, in particular the notion of a ‹likely high risk› as defined in art. 24 para. 1 FADP. They also define the requirements for informing the data subjects in the event of a data security breach in accordance with art. 24 para. 4 FADP.