OVHcloud Help centre

Hello. How can we help you?

In which cases should the data subjects be informed?

In accordance with Article 34(1) of the GDPR, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

The level of risk is assessed in particular by taking into account the type of data concerned, the population concerned and the potential consequences of the breach for individuals (for example, the definitive loss of a patient’s health data may present such a risk).

Examples can be found in the European Data Protection Committee Guidelines 01/2021, as well as in the Article 29 Working Party guidelines, endorsed by the European Data Protection Committee, on reporting data breaches.

If you are a processor, this obligation does not apply, but you must notify the controller concerned.

Did you find this advice helpful? or
Great! We're glad we could help.
Thanks for your help! Your feedback will be reviewed as soon as possible by our teams.
Tell us why you didn't find your answer. Your support requests will not be processed through this form. To do this, please use the create a ticket form.