GDPR Article 34: Communication of a Personal Data Breach

The General Data Protection Regulation (GDPR) Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with requirements outlined by GDPR.

The GDPR Article 34: Communication of a Personal Data Breach report describes and provides access to features in the Alert Logic console that help demonstrate compliance with GDPR Article 34.

To access the GDPR Article 34: Communication of a Personal Data Breach report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under GDPR Audit, click VIEW.
  4. Click GDPR Article 34: Communication of a Personal Data Breach.

The report summary page displays two columns. Requirements lists each requirement from the selected GDPR Article. Available Documentation and Artifacts describes and contains links to the documentation and compliance artifacts that this report can generate to meet each requirement listed by the GDPR Article.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that policies and procedures are implemented to protect data by design and by default.

Requirement 1

Requirement 1 of GDPR Article 34 requires the controller to notify a personal data breach to the data subject without undue delay.

This section provides you with the following links for quick access to appropriate pages in the Alert Logic console:

  • The Alert Logic Escalated Contact report, which lists designated alerted users and escalation contacts when critical incidents are detected in your environment. You can use the Escalated Contact report to review the contacts who are notified in your organization and determine if they are the appropriate supervisory authority competent to handle a personal data breach.
  • The Alert Logic Subscribed Notification Users report, which lists users subscribed to receive notifications for specified customer accounts. You can use the Subscribed Notification Users report to review the contacts who are notified in your organization and determine if they are the appropriate supervisory authority to handle a personal data breach.

Requirement 2

Requirement 2 of GDPR Article 34 requires that the communication to the data subject referred to in requirement 1 be in clear and plain language, and that it describe the nature of the personal data breach and contain at least the information and measures referred to in points (b), (c), and (d) of Article 33, Requirement 3.

Alert Logic does not provide data for this requirement.

Requirement 3

Requirement 3 of GDPR Article 34 states that the communication in requirement 1 is not required if any of the following conditions are met:

  1. Protection measures were applied to the personal data affected by the breach that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.
  2. Subsequent measures were taken which ensure that the high risk to the rights and freedoms of data subjects is no longer likely.
  3. It would involve disproportionate efforts. In such a case, there shall instead be a public communication or similar measure to inform data subjects in an equally effective manner.

Alert Logic does not provide data for this requirement.

Requirement 4

Requirement 4 of GDPR Article 34 allows, if the controller has not already communicated the data breach to the data subject, a supervisory authority to require the controller to communicate the personal data breach to a data subject or decide that any of the conditions in requirement 3 are met.

Alert Logic does not provide data for this requirement.