In setting detailed rules concerning the format and procedures applicable to the notification of personal data breaches, due consideration should be given to the circumstances of that breach, including whether or not personal data had been protected by appropriate technical protection measures, effectively limiting the likelihood of identity fraud or other forms of misuse. Moreover, such rules and procedures should take into account the legitimate interests of law-enforcement authorities where early disclosure could unnecessarily hamper the investigation of the circumstances of a personal data breach.
GDPR Recital EN
Recital 88
Related across sources
Guidance Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 3/2019 on processing of personal data through video devices Guidance Guidelines 9/2022 on personal data breach notification under GDPR News Data breach in Malta: 65.000 € fine for C-Planet Guidance Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them