Datenpanne melden

Notification of a data breach in accordance with Article 33 GDPR to the Saxon Data Protection and Transparency Officer

Under Article 33 of the General Data Protection Regulation (GDPR), data controllers in Saxony have a duty to report data breaches. The Saxon Data Protection and Transparency Commissioner offers an online service that enables data controllers to report data breaches easily and conveniently using a web form.

With regard to data protection, the Saxon Data Protection and Transparency Commissioner is responsible for

• public bodies (e.g. Saxon state and local authorities, hospitals, schools, police stations, savings banks, chambers of commerce, notary's offices)
• non-public bodies (e.g. companies, associations, private foundations) with headquarters in Saxony

none

The personal data breach is likely to have led to a risk to the rights and freedoms of natural persons.

none

Submit your data breach notification in writing - preferably using the online form (see -> Online application).

If you submit your notification by e-mail or letter, the following information is mandatory:

Details of the person responsible:

• Name/description
• Street, house number, postcode, town/city
• Name of the contact person, their e-mail address and telephone number (if different: e-mail address of the data protection officer)

Details of the reporting person

• Surname, first name
• optional: function, street, house number, postcode, city, telephone number

Details of the incident

• Period of the data breach (from/to)
• Time at which the data breach was detected
• whether the report was made within 72 hours (if not, please give reasons)
• Category of the incident
  (hacking, malicious code, theft, loss, misplacement, software error, incorrect disposal, etc.),
• Category of data affected
  (health, genetic data, political opinions, passwords, addresses, location, photos/videos, trade union membership, banking and credit, racial and ethnic origin, email addresses, data relating to sex life or sexual orientation, biometric data, religious or philosophical beliefs, professional secrecy and so on)
• precise description of the incident, number of persons affected, whether the persons affected were informed (if not, this must be justified)
• likely consequences for those affected
• Description of any other consequences for the data subjects
• technical and organisational measures taken
  (to stop the incident and prevent similar incidents in the future)

Your report of a personal data breach will be registered with the Saxon Data Protection and Transparency Officer. If there is a need for clarification regarding your report, you will be contacted accordingly by the responsible processor.

If there is no further need for clarification, the reporting process is completed for you.

immediately, if possible within 72 hours of becoming aware of the injury

not applicable