§ GDPR · Article 34

GDPR Article 34: Obligations, Deadlines & Penalties

Regulation (EU) 2016/679, Article 34 · All obligations · GDPR
At a glance
Article 34 of the GDPR imposes 3 obligations on controller. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 34

Obligation 1
The controller shall communicate the personal data breach to the data subject without undue delay when the breach is likely to result in a high risk to the rights and freedoms of natural persons. Regulation (EU) 2016/679, Article 34, Article 34
Obligated entity
controller
Action required
communicate
Deadline
without undue delay
Penalty
Obligation 2
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33(3). Regulation (EU) 2016/679, Article 34, Article 34
Obligated entity
controller
Action required
describe
Deadline
Penalty
Obligation 3
If the controller has not communicated the breach due to disproportionate effort, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner. Regulation (EU) 2016/679, Article 34, Article 34
Obligated entity
controller
Action required
communicate
Deadline
Penalty
§ Frequently asked

Questions about Article 34

Who must comply with Article 34 of the GDPR? +
controller.
What does Article 34 of the GDPR require? +
communicate describe
What is the compliance deadline for GDPR Article 34? +
without undue delay
Need a cross-border briefing on GDPR Article 34?
Search Fontvera ↵
All EU obligation pages  ·  All GDPR articles