8 Amendments of Ivailo KALFIN related to 2012/0011(COD)
Amendment 260 #
Proposal for a regulation
Recital 67
Recital 67
(67) A personal data breach may, if not addressed in an adequate and timely manner, result in substantial economic loss and social harm, including identity fraud, to the individual concerned. Therefore, as soon as the controller becomes aware that such a breach has occurred, the controller should notify the breach to the supervisory authority without undue delay and, where feasible, within 724 hours. Where this cannot achieved within 724 hours, an explanation of the reasons for the delay should accompany the notification. The individuals whose personal data could be adversely affected by the breach should be notified without undue delay in order to allow them to take the necessary precautions. A breach should be considered as adversely affecting the personal data or privacy of a data subject where it could result in, for example, identity theft or fraud, physical harm, significant humiliation or damage to reputation. The notification should describe the nature of the personal data breach as well as recommendations as well as recommendations for the individual concerned to mitigate potential adverse effects. Notifications to data subjects should be made as soon as reasonably feasible, and in close cooperation with the supervisory authority and respecting guidance provided by it or other relevant authorities (e.g. law enforcement authorities). For example, the chance for data subjects to mitigate an immediate risk of harm would call for a prompt notification of data subjects whereas the need to implement appropriate measures against continuing or similar data breaches may justify a longer delay.
Amendment 309 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to the processing of personal data wholly or partly by automated means, without discrimination of the technology used, and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.
Amendment 353 #
Proposal for a regulation
Article 4 – paragraph 1 – point 14 a (new)
Article 4 – paragraph 1 – point 14 a (new)
(14a) 'Competent supervisory authority' means the supervisory authority which shall be solely competent for the supervision of a controller in accordance with Articles 51(2), 51(3) and 51(4);
Amendment 379 #
Proposal for a regulation
Article 6 – paragraph 1 – point f a (new)
Article 6 – paragraph 1 – point f a (new)
(fa) processing is strictly necessary for the proper response to detected network and/ or information security incidents, breaches or attacks;
Amendment 675 #
Proposal for a regulation
Article 31 – paragraph 1
Article 31 – paragraph 1
1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 724 hours after having become aware of it, notify the personal data breach to the supervisory authority. The notification to the supervisory authority shall be accompanied by a reasoned justification in cases where it is not made within 724 hours.
Amendment 810 #
Proposal for a regulation
Article 51 – paragraph 2 a (new)
Article 51 – paragraph 2 a (new)
(2a) Where the Regulation applies to several controllers and/ or processors with the same group of undertakings by virtue of both Article 3(1) and 3(2), only one supervisory authority will be competent and it will be determined in accordance with Article 51(2).
Amendment 823 #
Proposal for a regulation
Article 58 – paragraph 1
Article 58 – paragraph 1
1. Before a supervisorythe competent authority adopts a measure referred to in paragraph 2, this supervisory authority shall communicate the draft measure to the European Data Protection Board and the Commission.
Amendment 832 #
Proposal for a regulation
Article 58 – paragraph 3
Article 58 – paragraph 3
3. Any supervisory authority or the European Data Protection Board may request that any matter shall be dealt with in the consistency mechanism, in particular where a supervisorythe competent authority does not submit a draft measure referred to in paragraph 2 or does not comply with the obligations for mutual assistance in accordance with Article 55 or for joint operations in accordance with Article 56.