Notifications of personal data breaches
According to Art. 2 Par. 1 and 2 of Commission Regulation (EU) No 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC of the European Parliament and of the Council (Directive on privacy and electronic communications), in case of a personal data breach, operators of electronic communications services must notify the competent national authority within 24 hours after the detection of a personal data breach. The notification to the Data Protection Authority shall include the information set out in Annex I of the mentioned Regulation.
The data protection authority can be contacted as follows.
- E-Mail: dsb@dsb.gv.at
- Phone: +43 1 52 152-0
- Address: 1030 Wien, Barichgasse 40-42
When the personal data breach is likely to adversely affect the personal data or privacy of a subscriber or individual, the provider shall, according to Art. 3 Par. 1 of the Regulation, also notify the subscriber or individual of the breach. According to Art. 4 Par. 1 of the Regulation, notification of a personal data breach to a subscriber or individual concerned shall not be required if the provider has demonstrated to the satisfaction of the competent national authority that it has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the security breach.