Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
BlnDSG — Table of Contents

§ 51 BlnDSG

Notification of Personal Data Breaches

(1)to the Berlin Commissioner for Data Protection and Freedom of Information
(2)The controller shall notify the Berlin Commissioner for Data Protection and Freedom of Information of a personal data breach without undue delay and, where feasible, no later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights of natural persons. Where the notification to the Berlin Commissioner for Data Protection and Freedom of Information is not made within 72 hours, the reasons for the delay shall be stated.
(3)A processor shall notify the controller of a personal data breach without undue delay.
(4)The notification pursuant to paragraph 1 shall contain at least the following information: 1. a description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects affected, the categories of personal data affected and the approximate number of personal data records affected, 2. the name and contact details of the data protection officer or other contact point where more information can be obtained, 3. a description of the likely consequences of the breach, and 4. a description of the measures taken or proposed by the controller to address the breach and the measures taken to mitigate its possible adverse effects.
(5)Where the information pursuant to paragraph 3 cannot be provided together with the notification, the controller shall provide it without undue delay as soon as it becomes available.
(6)The controller shall document personal data breaches. The documentation shall cover all facts relating to the incidents, their effects and the remedial measures taken.
(7)Where a personal data breach affects personal data that have been transmitted from or to a controller in another Member State of the European Union, the information referred to in paragraph 3 shall be communicated to that controller without undue delay.
(8)Further obligations of the controller to provide notification of personal data breaches shall remain unaffected. zur Einzelansicht § 51
Source:
https://gesetze.berlin.de/perma?j=DSG_BE_!_1
Citation:
GVBl. BE 2018 S. 418
As of:
2024-11-14
Retrieved:
2026-02-28