Personal data breaches

Article 34 of the GDPR imposes an obligation on the data controller to notify the data subject of a personal data breach where that breach presents a high risk to an individual’s rights and freedoms, subject to certain qualifications. For example, there is no requirement to notify the data subject where the data was protected by measures that render it unintelligible to anyone who is not authorised to access it, such as encryption.