Abstract

This article analyses the problems currently facing data controllers in the context of data breaches. The issue is one of the main focuses of the Polish Data Protection Authority and affects various sectors. Data breach notification is often the first time contact with the Authority. The obligations laid down in Art. 33 and 34 of the GDPR are not, however, always clear, and data controllers are left with many data breach notification related problems without clear guidance. Although the European Data Protection Board works on more user friendly and example rich guidelines, many questions remain unanswered.