
§ 55 ThürDSG

Notification of personal data breaches to the State Commissioner for Data Protection (Article 30 of Directive (EU) 2016/680)

(1) The controller shall notify the State Commissioner for Data Protection of personal data breaches without delay and, where feasible, not later than 72 hours after having become aware of them, unless the breach is unlikely to result in a risk to the rights of natural persons. Where the notification to the State Commissioner for Data Protection is not made within 72 hours, it shall be accompanied by reasons for the delay.
(2) A processor shall notify the controller of a personal data breach without delay.
(3) The notification pursuant to paragraph 1 shall contain at least the following information:
1. a description of the nature of the personal data breach, including where possible the categories and the approximate number of data subjects concerned, the categories of personal data concerned and the approximate number of personal data records concerned,
2. the name and contact details of the data protection officer or other contact point where more information can be obtained,
3. a description of the likely consequences of the personal data breach, and
4. a description of the measures taken or proposed by the controller to address the personal data breach and the measures taken to mitigate its possible adverse effects.
(4) Where the information cannot be provided at the same time, the controller shall provide the information without delay in phases.
(5) The controller shall document personal data breaches pursuant to paragraph 1, including all facts relating to them, their effects and the remedial action taken.
(6) Where the personal data breach concerns personal data that have been transmitted by or to the controller in another Member State of the European Union, the information referred to in paragraph 3 shall be communicated to the controller in that Member State without delay.
(7) Further obligations of the controller to notify personal data breaches shall remain unaffected.
Source: https://landesrecht.thueringen.de/bsth/document/jlr-DSGTHrahmen
Citation: GVBl. TH 2018 S. 229
As of: 2024-01-01
Retrieved: 2026-02-28