Regulation: EU 2016/679
Effective: Ongoing (since 25.5.2018)
Scope: Personal data protection
What is GDPR?
GDPR (General Data Protection Regulation) is the EU regulation on the protection of natural persons with regard to the processing of personal data. It applies to all organisations processing data of EU residents.
Key Terms
| Term | Definition |
|---|
| Personal data | Any information identifying a natural person |
| Data subject | Natural person whose data you process |
| Controller | Determines the purposes and means of processing |
| Processor | Processes data on behalf of the controller |
| DPO | Data Protection Officer |
| DSAR | Data Subject Access Request |
| DPIA | Data Protection Impact Assessment |
Legal Bases for Processing
| # | Legal Basis | Description | Examples |
|---|
| 1 | CONSENT (Consent) | Explicit opt-in, revocable at any time | Marketing, cookies, newsletter |
| 2 | CONTRACT (Contract) | Necessary for contract performance | Product/service delivery |
| 3 | LEGAL OBLIGATION (Legal obligation) | Law requires processing | Tax, accounting, regulatory reports |
| 4 | LEGITIMATE INTEREST (Legitimate interest) | Your interest vs. subject’s rights (LIA assessment) | Analytics, fraud prevention, direct marketing |
| 5 | VITAL INTEREST (Vital interest) | Protecting the subject’s life | Medical emergency |
| 6 | PUBLIC INTEREST (Public task) | Exercise of official authority | Government |
Data Subject Rights
| Right | Article | SLA | Description |
|---|
| Access | Art. 15 | 30 days | Export of all data about the subject |
| Rectification | Art. 16 | 30 days | Correction of inaccurate data |
| Erasure | Art. 17 | 30 days | ”Right to be forgotten” |
| Restriction | Art. 18 | 30 days | Suspension of processing |
| Portability | Art. 20 | 30 days | Export in machine-readable format |
| Objection | Art. 21 | 30 days | Objection to processing |
| Automated decision-making | Art. 22 | 30 days | Right to human review |
DSAR Workflow
%3btext-align:center%3b%7d%23mermaid-0 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-0 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-0 .cluster text%7bfill:%23333%3b%7d%23mermaid-0 .cluster span%7bcolor:%23333%3b%7d%23mermaid-0 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-0 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-0 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-0 .icon-shape%2c%23mermaid-0 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-0 .icon-shape p%2c%23mermaid-0 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-0 .icon-shape .label rect%2c%23mermaid-0 .image-shape .label rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-0 .label-icon%7bdisplay:inline-block%3bheight:1em%3boverflow:visible%3bvertical-align:-0.125em%3b%7d%23mermaid-0 .node .label-icon path%7bfill:currentColor%3bstroke:revert%3bstroke-width:revert%3b%7d%23mermaid-0 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker id='mermaid-0_flowchart-v2-pointEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 0 L 10 5 L 0 10 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-pointStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='4.5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 5 L 10 10 L 10 0 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='11' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-circleStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='-1' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossEnd' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='12' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-0_flowchart-v2-crossStart' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='-1' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath d='M603%2c86L603%2c90.167C603%2c94.333%2c603%2c102.667%2c603%2c110.333C603%2c118%2c603%2c125%2c603%2c128.5L603%2c132' id='L_A_B_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_A_B_0' data-points='W3sieCI6NjAzLCJ5Ijo4Nn0seyJ4Ijo2MDMsInkiOjExMX0seyJ4Ijo2MDMsInkiOjEzNn1d' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M603%2c214L603%2c218.167C603%2c222.333%2c603%2c230.667%2c603%2c238.333C603%2c246%2c603%2c253%2c603%2c256.5L603%2c260' id='L_B_C_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_B_C_0' data-points='W3sieCI6NjAzLCJ5IjoyMTR9LHsieCI6NjAzLCJ5IjoyMzl9LHsieCI6NjAzLCJ5IjoyNjR9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M603%2c342L603%2c346.167C603%2c350.333%2c603%2c358.667%2c603%2c366.333C603%2c374%2c603%2c381%2c603%2c384.5L603%2c388' id='L_C_D_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_C_D_0' data-points='W3sieCI6NjAzLCJ5IjozNDJ9LHsieCI6NjAzLCJ5IjozNjd9LHsieCI6NjAzLCJ5IjozOTJ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M473%2c448.892L417.167%2c456.577C361.333%2c464.262%2c249.667%2c479.631%2c193.833%2c490.815C138%2c502%2c138%2c509%2c138%2c512.5L138%2c516' id='L_D_D1_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D_D1_0' data-points='W3sieCI6NDczLCJ5Ijo0NDguODkyNDczMTE4Mjc5NTV9LHsieCI6MTM4LCJ5Ijo0OTV9LHsieCI6MTM4LCJ5Ijo1MjB9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M508.547%2c470L498.456%2c474.167C488.365%2c478.333%2c468.182%2c486.667%2c458.091%2c494.333C448%2c502%2c448%2c509%2c448%2c512.5L448%2c516' id='L_D_D2_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D_D2_0' data-points='W3sieCI6NTA4LjU0Njg3NSwieSI6NDcwfSx7IngiOjQ0OCwieSI6NDk1fSx7IngiOjQ0OCwieSI6NTIwfV0=' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M697.453%2c470L707.544%2c474.167C717.635%2c478.333%2c737.818%2c486.667%2c747.909%2c494.333C758%2c502%2c758%2c509%2c758%2c512.5L758%2c516' id='L_D_D3_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D_D3_0' data-points='W3sieCI6Njk3LjQ1MzEyNSwieSI6NDcwfSx7IngiOjc1OCwieSI6NDk1fSx7IngiOjc1OCwieSI6NTIwfV0=' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M733%2c448.892L788.833%2c456.577C844.667%2c464.262%2c956.333%2c479.631%2c1012.167%2c490.815C1068%2c502%2c1068%2c509%2c1068%2c512.5L1068%2c516' id='L_D_D4_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D_D4_0' data-points='W3sieCI6NzMzLCJ5Ijo0NDguODkyNDczMTE4Mjc5NTV9LHsieCI6MTA2OCwieSI6NDk1fSx7IngiOjEwNjgsInkiOjUyMH1d' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c598L138%2c602.167C138%2c606.333%2c138%2c614.667%2c195.68%2c625.284C253.36%2c635.9%2c368.72%2c648.801%2c426.4%2c655.251L484.079%2c661.701' id='L_D1_E_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D1_E_0' data-points='W3sieCI6MTM4LCJ5Ijo1OTh9LHsieCI6MTM4LCJ5Ijo2MjN9LHsieCI6NDg4LjA1NDY4NzUsInkiOjY2Mi4xNDU5MDA1Mzc2MzQ0fV0=' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M448%2c598L448%2c602.167C448%2c606.333%2c448%2c614.667%2c459.788%2c622.788C471.576%2c630.909%2c495.151%2c638.819%2c506.939%2c642.773L518.727%2c646.728' id='L_D2_E_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D2_E_0' data-points='W3sieCI6NDQ4LCJ5Ijo1OTh9LHsieCI6NDQ4LCJ5Ijo2MjN9LHsieCI6NTIyLjUxOTIzMDc2OTIzMDcsInkiOjY0OH1d' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M758%2c598L758%2c602.167C758%2c606.333%2c758%2c614.667%2c746.212%2c622.788C734.424%2c630.909%2c710.849%2c638.819%2c699.061%2c642.773L687.273%2c646.728' id='L_D3_E_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D3_E_0' data-points='W3sieCI6NzU4LCJ5Ijo1OTh9LHsieCI6NzU4LCJ5Ijo2MjN9LHsieCI6NjgzLjQ4MDc2OTIzMDc2OTMsInkiOjY0OH1d' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M1068%2c598L1068%2c602.167C1068%2c606.333%2c1068%2c614.667%2c1010.32%2c625.284C952.64%2c635.9%2c837.28%2c648.801%2c779.6%2c655.251L721.921%2c661.701' id='L_D4_E_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_D4_E_0' data-points='W3sieCI6MTA2OCwieSI6NTk4fSx7IngiOjEwNjgsInkiOjYyM30seyJ4Ijo3MTcuOTQ1MzEyNSwieSI6NjYyLjE0NTkwMDUzNzYzNDR9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3cpath d='M603%2c702L603%2c706.167C603%2c710.333%2c603%2c718.667%2c603%2c726.333C603%2c734%2c603%2c741%2c603%2c744.5L603%2c748' id='L_E_F_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_E_F_0' data-points='W3sieCI6NjAzLCJ5Ijo3MDJ9LHsieCI6NjAzLCJ5Ijo3Mjd9LHsieCI6NjAzLCJ5Ijo3NTJ9XQ==' marker-end='url(%23mermaid-0_flowchart-v2-pointEnd)'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_A_B_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_B_C_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_C_D_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D_D1_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D_D2_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D_D3_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D_D4_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D1_E_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D2_E_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D3_E_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_D4_E_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_E_F_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg class='node default' id='flowchart-A-0' transform='translate(603%2c 47)'%3e%3crect class='basic label-container' style='' x='-124.234375' y='-39' width='248.46875' height='78'/%3e%3cg class='label' style='' transform='translate(-94.234375%2c -24)'%3e%3crect/%3e%3cforeignObject width='188.46875' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eDSAR Received%3cbr /%3eemail: dpo%40company.com%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-B-1' transform='translate(603%2c 175)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eAcknowledge within 10 days%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-C-3' transform='translate(603%2c 303)'%3e%3crect class='basic label-container' style='' x='-95.21875' y='-39' width='190.4375' height='78'/%3e%3cg class='label' style='' transform='translate(-65.21875%2c -24)'%3e%3crect/%3e%3cforeignObject width='130.4375' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eVerify identity%3cbr /%3eemail%2c official docs%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-D-5' transform='translate(603%2c 431)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eExecute request %e2%80%94 30 days SLA%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-D1-7' transform='translate(138%2c 559)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eAccess: export user data %e2%80%94 CSV%2c JSON%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-D2-9' transform='translate(448%2c 559)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eErasure: delete user%2c all backups%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-D3-11' transform='translate(758%2c 559)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eCorrection: update fields%2c log%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-D4-13' transform='translate(1068%2c 559)'%3e%3crect class='basic label-container' style='' x='-130' y='-39' width='260' height='78'/%3e%3cg class='label' style='' transform='translate(-100%2c -24)'%3e%3crect/%3e%3cforeignObject width='200' height='48'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3ePortability: same format as access%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-E-18' transform='translate(603%2c 675)'%3e%3crect class='basic label-container' style='' x='-114.9453125' y='-27' width='229.890625' height='54'/%3e%3cg class='label' style='' transform='translate(-84.9453125%2c -12)'%3e%3crect/%3e%3cforeignObject width='169.890625' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eRespond within 30 days%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-F-20' transform='translate(603%2c 779)'%3e%3crect class='basic label-container' style='' x='-109.15625' y='-27' width='218.3125' height='54'/%3e%3cg class='label' style='' transform='translate(-79.15625%2c -12)'%3e%3crect/%3e%3cforeignObject width='158.3125' height='24'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eDocument %e2%80%94 audit log%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Data Breach Notification
Timeline
%3btext-align:center%3b%7d%23mermaid-1 .edgeLabel p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .edgeLabel rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .labelBkg%7bbackground-color:rgba(232%2c 232%2c 232%2c 0.5)%3b%7d%23mermaid-1 .cluster rect%7bfill:%23ffffde%3bstroke:%23aaaa33%3bstroke-width:1px%3b%7d%23mermaid-1 .cluster text%7bfill:%23333%3b%7d%23mermaid-1 .cluster span%7bcolor:%23333%3b%7d%23mermaid-1 div.mermaidTooltip%7bposition:absolute%3btext-align:center%3bmax-width:200px%3bpadding:2px%3bfont-family:arial%2csans-serif%3bfont-size:12px%3bbackground:hsl(80%2c 100%25%2c 96.2745098039%25)%3bborder:1px solid %23aaaa33%3bborder-radius:2px%3bpointer-events:none%3bz-index:100%3b%7d%23mermaid-1 .flowchartTitleText%7btext-anchor:middle%3bfont-size:18px%3bfill:%23333%3b%7d%23mermaid-1 rect.text%7bfill:none%3bstroke-width:0%3b%7d%23mermaid-1 .icon-shape%2c%23mermaid-1 .image-shape%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3btext-align:center%3b%7d%23mermaid-1 .icon-shape p%2c%23mermaid-1 .image-shape p%7bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bpadding:2px%3b%7d%23mermaid-1 .icon-shape .label rect%2c%23mermaid-1 .image-shape .label rect%7bopacity:0.5%3bbackground-color:rgba(232%2c232%2c232%2c 0.8)%3bfill:rgba(232%2c232%2c232%2c 0.8)%3b%7d%23mermaid-1 .label-icon%7bdisplay:inline-block%3bheight:1em%3boverflow:visible%3bvertical-align:-0.125em%3b%7d%23mermaid-1 .node .label-icon path%7bfill:currentColor%3bstroke:revert%3bstroke-width:revert%3b%7d%23mermaid-1 :root%7b--mermaid-font-family:arial%2csans-serif%3b%7d%3c/style%3e%3cg%3e%3cmarker id='mermaid-1_flowchart-v2-pointEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 0 L 10 5 L 0 10 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-1_flowchart-v2-pointStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='4.5' refY='5' markerUnits='userSpaceOnUse' markerWidth='8' markerHeight='8' orient='auto'%3e%3cpath d='M 0 5 L 10 10 L 10 0 z' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-1_flowchart-v2-circleEnd' class='marker flowchart-v2' viewBox='0 0 10 10' refX='11' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-1_flowchart-v2-circleStart' class='marker flowchart-v2' viewBox='0 0 10 10' refX='-1' refY='5' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3ccircle cx='5' cy='5' r='5' class='arrowMarkerPath' style='stroke-width: 1%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-1_flowchart-v2-crossEnd' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='12' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cmarker id='mermaid-1_flowchart-v2-crossStart' class='marker cross flowchart-v2' viewBox='0 0 11 11' refX='-1' refY='5.2' markerUnits='userSpaceOnUse' markerWidth='11' markerHeight='11' orient='auto'%3e%3cpath d='M 1%2c1 l 9%2c9 M 10%2c1 l -9%2c9' class='arrowMarkerPath' style='stroke-width: 2%3b stroke-dasharray: 1%2c 0%3b'/%3e%3c/marker%3e%3cg class='root'%3e%3cg class='clusters'/%3e%3cg class='edgePaths'%3e%3cpath d='M138%2c134L138%2c138.167C138%2c142.333%2c138%2c150.667%2c138%2c158.333C138%2c166%2c138%2c173%2c138%2c176.5L138%2c180' id='L_T0_T24_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_T0_T24_0' data-points='W3sieCI6MTM4LCJ5IjoxMzR9LHsieCI6MTM4LCJ5IjoxNTl9LHsieCI6MTM4LCJ5IjoxODR9XQ==' marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c310L138%2c314.167C138%2c318.333%2c138%2c326.667%2c138%2c334.333C138%2c342%2c138%2c349%2c138%2c352.5L138%2c356' id='L_T24_T72_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_T24_T72_0' data-points='W3sieCI6MTM4LCJ5IjozMTB9LHsieCI6MTM4LCJ5IjozMzV9LHsieCI6MTM4LCJ5IjozNjB9XQ==' marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)'/%3e%3cpath d='M138%2c510L138%2c514.167C138%2c518.333%2c138%2c526.667%2c138%2c534.333C138%2c542%2c138%2c549%2c138%2c552.5L138%2c556' id='L_T72_T4W_0' class='edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link' style='%3b' data-edge='true' data-et='edge' data-id='L_T72_T4W_0' data-points='W3sieCI6MTM4LCJ5Ijo1MTB9LHsieCI6MTM4LCJ5Ijo1MzV9LHsieCI6MTM4LCJ5Ijo1NjB9XQ==' marker-end='url(%23mermaid-1_flowchart-v2-pointEnd)'/%3e%3c/g%3e%3cg class='edgeLabels'%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_T0_T24_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_T24_T72_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='edgeLabel'%3e%3cg class='label' data-id='L_T72_T4W_0' transform='translate(0%2c 0)'%3e%3cforeignObject width='0' height='0'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' class='labelBkg' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='edgeLabel'%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg class='nodes'%3e%3cg class='node default' id='flowchart-T0-0' transform='translate(138%2c 71)'%3e%3crect class='basic label-container' style='' x='-130' y='-63' width='260' height='126'/%3e%3cg class='label' style='' transform='translate(-100%2c -48)'%3e%3crect/%3e%3cforeignObject width='200' height='96'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eT%2b0 Discovery%3cbr /%3eNotify CISO %2b DPO %2b CEO%3cbr /%3eIsolate system %7c Start forensics%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-T24-2' transform='translate(138%2c 247)'%3e%3crect class='basic label-container' style='' x='-101.1484375' y='-63' width='202.296875' height='126'/%3e%3cg class='label' style='' transform='translate(-71.1484375%2c -48)'%3e%3crect/%3e%3cforeignObject width='142.296875' height='96'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eT%2b24h Assessment%3cbr /%3eIs it a breach%3f%3cbr /%3eRisk assessment%3cbr /%3eNotification decision%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-T72-4' transform='translate(138%2c 435)'%3e%3crect class='basic label-container' style='fill:%23fecaca !important%3bstroke:%23dc2626 !important' x='-130' y='-75' width='260' height='150'/%3e%3cg class='label' style='color:black !important' transform='translate(-100%2c -60)'%3e%3crect/%3e%3cforeignObject width='200' height='120'%3e%3cdiv style='color: rgb(0%2c 0%2c 0) !important%3b display: table%3b white-space: break-spaces%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b width: 200px%3b' xmlns='http://www.w3.org/1999/xhtml'%3e%3cspan style='color:black !important' class='nodeLabel'%3e%3cp%3eT%2b72h GDPR DEADLINE%3cbr /%3eReport to DPA %e2%80%94 supervisory authority%3cbr /%3eNotify subjects %e2%80%94 if high risk%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3cg class='node default' id='flowchart-T4W-6' transform='translate(138%2c 611)'%3e%3crect class='basic label-container' style='' x='-119.4375' y='-51' width='238.875' height='102'/%3e%3cg class='label' style='' transform='translate(-89.4375%2c -36)'%3e%3crect/%3e%3cforeignObject width='178.875' height='72'%3e%3cdiv xmlns='http://www.w3.org/1999/xhtml' style='display: table-cell%3b white-space: nowrap%3b line-height: 1.5%3b max-width: 200px%3b text-align: center%3b'%3e%3cspan class='nodeLabel'%3e%3cp%3eT%2b1-4w Remediation%3cbr /%3eRoot cause analysis%3cbr /%3eFix %2b audit %7c Post-mortem%3c/p%3e%3c/span%3e%3c/div%3e%3c/foreignObject%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
When to Notify?
| Situation | Notify DPA | Notify subjects |
|---|
| Encrypted data stolen | No | No |
| Unencrypted PII stolen | Yes (72h) | Yes (asap) |
| Health data breach | Yes (72h) | Yes (asap) |
| Internal access without authorisation | Depends on scope | Depends on risk |
Penalties
| Category | Penalty |
|---|
| Severe violation | up to EUR 20M or 4% of global annual turnover |
| Medium violation | up to EUR 10M or 2% of turnover |
Examples:
- Meta: EUR 1.2B (2023) --- data transfer to the US
- Amazon: EUR 746M (2021) --- cookies
- Google: EUR 90M (2022) --- cookies in France
Next Steps
- Review data mapping
- Set up DSAR workflow
- Go through the checklist
Resources