Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
HDSIG — Table of Contents

§ 61 HDSIG

Notification of Data Subjects

(1)in the Event of Personal Data Breaches
(2)Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall notify the data subjects of the breach without undue delay. § 59 para. 1 sentence 2 shall apply accordingly.
(3)The notification under para. 1 shall describe, in clear and plain language, the nature of the personal data breach and contain at least the information and measures referred to in § 60 para. 3 nos. 2 to 4.
(4)The notification of the data subject under para. 1 shall not be required where 1. the controller has implemented appropriate technical and organisational safeguards and those safeguards were applied to the personal data affected by the breach; this shall apply in particular to safeguards such as encryption that render the data unintelligible to any person who is not authorised to access it; 2. the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of the data subjects within the meaning of para. 1 is in all likelihood no longer materialising; or 3. it would involve a disproportionate effort; in that case, a public communication or a similar measure shall be made instead, by which the data subjects are informed in an equally effective manner.
(5)Where the controller has not notified the data subjects of a personal data breach, the Hessian Data Protection Commissioner may require the controller to do so, or may establish with binding effect that certain of the conditions referred to in para. 3 are met. In doing so, he or she shall take into account the likelihood that the personal data breach will result in a high risk within the meaning of para. 1.
(6)The notification of the data subjects under para. 1 may be postponed, restricted or omitted under the conditions referred to in § 51 para. 2, insofar as the interests of the data subject do not prevail on account of the high risk arising from the breach within the meaning of para. 1.
(7)§ 37 para. 4 shall apply accordingly. zur Einzelansicht § 61
Source:
https://www.rv.hessenrecht.hessen.de/bshe/document/jlr-DSIFGHErahmen
Citation:
GVBl. HE I 2018 S. 82
As of:
2024-01-01
Retrieved:
2026-02-28