4 Amendments of Hubert PIRKER related to 2011/0011(COD)
Amendment 1957 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where relating to special categories of personal data, personal data which are subject to profeassible, not later than 24 hours after having become aware of it, notify theonal secrecy, personal data relating to criminal offences or to the suspicion of a criminal act or personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 24 hourslating to bank or credit card accounts, which seriously threaten the rights or legitimate interests of the data subject, the controller shall without undue delay notify the personal data breach to the supervisory authority.
Amendment 1987 #
Proposal for a regulation
Article 31 – paragraph 5
Article 31 – paragraph 5
Amendment 1999 #
Proposal for a regulation
Article 32 – paragraph 1
Article 32 – paragraph 1
1. When the personal data breach is likely to adversely affect the protection of the personal data or, the privacy, the right or the legitimate interests of the data subject, the controller shall, after the notification referred to in Article 31, communicate the personal data breach to the data subject without undue delay. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation.
Amendment 2003 #
Proposal for a regulation
Article 32 – paragraph 3
Article 32 – paragraph 3
3. The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that itdata breach has not produced significant harm and the controller has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the personal data breach. Such technological protection measures shall render the data unintelligible, unusable or anonymised to any person who is not authorised to access to it.