The General Data Protection Regulation - a practical guide for trade unionists (March 2018)

Chapter 4

Personal data breaches

[ch 4: page 32]

Article 34 of the GDPR imposes an obligation on the data controller to notify the data subject of a personal data breach where that breach presents a high risk to an individual’s rights and freedoms, subject to certain qualifications. For example, there is no requirement to notify the data subject where the data was protected by measures that render it unintelligible to anyone who is not authorised to access it, such as encryption.


This information is copyright to the Labour Research Department (LRD) and may not be reproduced without the permission of the LRD.