Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
LDSG SH — Table of Contents

§ 42 LDSG SH

Notification of data subjects in the event of a personal data breach

(1)Where a personal data breach is likely to result in a high risk to the rights of data subjects, the controller shall notify the data subjects of the incident without undue delay.
(2)The notification pursuant to paragraph 1 shall describe in clear and plain language the nature of the personal data breach and shall contain at least the information and measures referred to in § 41(3) numbers 2 to 4.
(3)The notification pursuant to paragraph 1 may be dispensed with where 1. the controller has implemented appropriate technical and organisational security measures and those measures have been applied to the personal data affected by the breach; this shall apply in particular to measures such as encryption which render the data inaccessible to unauthorised persons; 2. the controller has ensured by subsequent measures that the high risk within the meaning of paragraph 1 is, in all probability, no longer likely to materialise; or 3. it would involve a disproportionate effort; in that case, a public communication or similar measure shall be made instead, whereby the data subjects are informed in an equally effective manner.
(4)Where the controller has not notified the data subjects of a personal data breach, the Land Commissioner may formally determine that, in his or her opinion, the conditions referred to in paragraph 3 are not met. In doing so, he or she shall take into account the likelihood that the breach may result in a high risk within the meaning of paragraph 1.
(5)The notification of data subjects pursuant to paragraph 1 may, subject to the conditions referred to in § 32(2), be deferred, restricted or dispensed with, provided that the interests of the data subject do not outweigh on account of the high risk arising from the breach within the meaning of paragraph 1.
(6)A notification pursuant to paragraph 1 may only be used in criminal proceedings against the person obliged to notify or the person making the notification, or against his or her relatives designated in § 52(1) of the Code of Criminal Procedure, with the consent of the person obliged to notify or the person making the notification. zur Einzelansicht § 42
Source:
https://www.gesetze-rechtsprechung.sh.juris.de/bssh/document/jlr-DSGSHrahmen
Citation:
GVOBl. SH 2018 S. 162
As of:
2024-01-01
Retrieved:
2026-02-28