§ GDPR · Article 34
GDPR Article 34: Obligations, Deadlines & Penalties
At a glance
Article 34 of the GDPR imposes 3 obligations on controller. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 34
Obligation 1
The controller shall communicate the personal data breach to the data subject without undue delay when the breach is likely to result in a high risk to the rights and freedoms of natural persons.
Regulation (EU) 2016/679, Article 34, Article 34
- Obligated entity
-
controller
- Action required
-
communicate
- Deadline
-
without undue delay
- Penalty
-
—
Obligation 2
The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c) and (d) of Article 33(3).
Regulation (EU) 2016/679, Article 34, Article 34
- Obligated entity
-
controller
- Action required
-
describe
- Deadline
-
—
- Penalty
-
—
Obligation 3
If the controller has not communicated the breach due to disproportionate effort, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
Regulation (EU) 2016/679, Article 34, Article 34
- Obligated entity
-
controller
- Action required
-
communicate
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 34
Who must comply with Article 34 of the GDPR?
+
controller.
What does Article 34 of the GDPR require?
+
communicate describe
What is the compliance deadline for GDPR Article 34?
+
without undue delay