ANGOLA PERSONAL DATA BREACH NOTIFIERS
There is no mandatory breach notification requirement under the Data Protection Law...
ARGENTINA PERSONAL DATA BREACH NOTIFIERS
Not specifically required under data protection law...
AUSTRALIA PERSONAL DATA BREACH NOTIFIERS
Entities with obligations to comply with the APPs under the Privacy Act must comply with mandatory reporting requirements under the...
AUSTRIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
BAHRAIN PERSONAL DATA BREACH NOTIFIERS
The PDPL contains a general requirement on the data protection officer to notify the Authority of any breach under the...
BELARUS PERSONAL DATA BREACH NOTIFIERS
There is no general requirement under Belarusian law to notify personal data subject or...
BELGIUM PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
BERMUDA PERSONAL DATA BREACH NOTIFIERS
Once fully in force, PIPA will require notification of a breach of security leading to the loss or...
BOLIVIA PERSONAL DATA BREACH NOTIFIERS
When the person in charge is aware of a breach of security of personal data that occurs at any stage of...
BOSNIA AND HERZEGOVINA PERSONAL DATA BREACH NOTIFIERS
The DP Law does not impose data security breach notification duty on the controller...
BOTSWANA PERSONAL DATA BREACH NOTIFIERS
Data controllers and data processors will be required to immediately notify the Commissioner of any breach to the security safeguards of...
BRAZIL PERSONAL DATA BREACH NOTIFIERS
The controller must report to ANDP and the data subject in a reasonable time period...
BRITISH VIRGIN ISLANDS PERSONAL DATA BREACH NOTIFIERS
There is no requirement to report data security breaches in the BVI...
BULGARIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
BURUNDI PERSONAL DATA BREACH NOTIFIERS
There are no breach notification requirements in Burundi...
CANADA PERSONAL DATA BREACH NOTIFIERS
Currently, PIPEDA, PIPA Alberta and PIPITPA are the only Canadian Privacy Statute with breach notification requirements...
CAPE VERDE PERSONAL DATA BREACH NOTIFIERS
There is no formal requirement for breach notification, nor is there formal requirement for mandatory breach notification...
CAYMAN ISLANDS PERSONAL DATA BREACH NOTIFIERS
There are no general requirements to notify any authority or any other person of a breach of confidentiality...
CHILE PERSONAL DATA BREACH NOTIFIERS
There is no obligation to report a data breach...
CHINA PERSONAL DATA BREACH NOTIFIERS
The PRC Cybersecurity Law introduced a general requirement for the reporting and notification of...
COLOMBIA PERSONAL DATA BREACH NOTIFIERS
Under section 17. and section 18. of Law 1581, both the data controller and the data processor shall notify the...
COSTA RICA PERSONAL DATA BREACH NOTIFIERS
Under section 17. and section 18. of Law 1581, both the data controller and the data processor shall notify the...
CROATIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
CYPRUS PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
CZECH REPUBLIC PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
DENMARK PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
DOMINICAN REPUBLIC PERSONAL DATA BREACH NOTIFIERS
There is no obligation to notify a breach...
EGYPT PERSONAL DATA BREACH NOTIFIERS
There is no mandatory legal requirement in the Egyptian law to report data security breaches or losses to the authorities or to data subjects...
ETHIOPIA PERSONAL DATA BREACH NOTIFIERS
There is no general breach notification requirement in Ethiopia...
ESTONIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
FINLAND PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
FRANCE PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
GERMANY PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
GREECE PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
GHANA PERSONAL DATA BREACH NOTIFIERS
Where there are reasonable grounds to believe that the personal data of a data subject has been accessed or...
GIBRALTAR PERSONAL DATA BREACH NOTIFIERS
There is currently no mandatory requirement in the Act to report data security breaches or losses to...
GUERNSEY PERSONAL DATA BREACH NOTIFIERS
The DPL 2017 defines a 'personal data breach' as a "breach of security leading to the (a) accidental or...
HONDURAS PERSONAL DATA BREACH NOTIFIERS
Breach notification is not required...
HONG KONG, SAR PERSONAL DATA BREACH NOTIFIERS
Currently there is no mandatory requirement under the Ordinance for data users to notify authorities or...
HUNGARY PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
INDIA PERSONAL DATA BREACH NOTIFIERS
The government of India has established and authorised the Indian Computer Emergency Response Team...
ICELAND PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
INDONESIA PERSONAL DATA BREACH NOTIFIERS
Article 14 (5) of Reg. 71 provides that the provider of an Electronic System must provide written notification to...
IRAN PERSONAL DATA BREACH NOTIFIERS
There is no requirement to report data breaches to any individual or regulatory body...
IRELAND PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
ISRAEL PERSONAL DATA BREACH NOTIFIERS
Pursuant to the Data Security Regs, data breach notifications are required depending on the...
ITALY PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
LATVIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
JAPAN PERSONAL DATA BREACH NOTIFIERS
It is not legally required to report a data breach incident to the PPC or...
JERSEY PERSONAL DATA BREACH NOTIFIERS
The DPJL includes obligations related to ‘personal data breaches’, which are defined in...
KAZAKHSTAN PERSONAL DATA BREACH NOTIFIERS
There is no express breach notification requirement under Kazakh law in relation to personal data and its protection...
KENYA PERSONAL DATA BREACH NOTIFIERS
Data controllers have an obligation to notify the DPC of any breaches within 72 hours of becoming aware of...
KUWAIT PERSONAL DATA BREACH NOTIFIERS
No specific provisions...
KYRGYZSTAN PERSONAL DATA BREACH NOTIFIERS
If the Holder (Owner) of personal data (data controller) transfers the personal data without consent of the data subject to a third party they must inform the data subject within a week...
LESOTHO PERSONAL DATA BREACH NOTIFIERS
Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or...
LITHUANIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
LUXEMBOURG PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
MACAU PERSONAL DATA BREACH NOTIFIERS
None. The Law does not require data processors to notify either the OPDP or data subjects about any personal data breach...
MADAGASCAR PERSONAL DATA BREACH NOTIFIERS
The Data Protection Law does not set out any general or specific obligation to notify the CMIL or...
MALAYSIA PERSONAL DATA BREACH NOTIFIERS
There is no requirement under the PDPA for data users to notify authorities regarding data breaches in...
MALTA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
MAURITIUS PERSONAL DATA BREACH NOTIFIERS
Under the DPA 2017, a personal data breach is a breach of security leading to the accidental or...
MEXICO PERSONAL DATA BREACH NOTIFIERS
Security breaches occurring at any stage of the processing that materially affect the property or...
MOLDOVA PERSONAL DATA BREACH NOTIFIERS
Data controllers shall submit to the NCPDP an annual report on any security incidents involving information systems during that year...
MONACO PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement in the DPL to report security breaches or losses to the CCIN or to data subjects...
MONTENEGRO PERSONAL DATA BREACH NOTIFIERS
There is no data security breach notification requirement under the DP Law...
MOROCCO PERSONAL DATA BREACH NOTIFIERS
There is no requirement for a data protection officer under the DP Law, except, where relevant...
MOZAMBIQUE PERSONAL DATA BREACH NOTIFIERS
There is no breach notification requirement in Mozambique...
NAMIBIA PERSONAL DATA BREACH NOTIFIERS
There are no requirements to report data breaches to any individual or regulatory body...
NETHERLANDS PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
NEW ZEALAND PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement in the Act to report an interference with privacy...
NIGERIA PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement to report data security breaches or losses to authorities or data subjects...
NORTH MACEDONIA PERSONAL DATA BREACH NOTIFIERS
Under the DP Law, data controllers and processors are not required to report data security breaches to the DPA...
NORWAY PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
PAKISTAN PERSONAL DATA BREACH NOTIFIERS
There is no requirement to report data breaches to any individual or regulatory body...
PANAMA PERSONAL DATA BREACH NOTIFIERS
Operators that manage public networks or that provide communication services available to...
PARAGUAY PERSONAL DATA BREACH NOTIFIERS
The obligation to notify a data security breach is not established under the current data protection regime...
PERU PERSONAL DATA BREACH NOTIFIERS
The holder of a database (and processor, where applicable) is required to...
PHILIPPINES PERSONAL DATA BREACH NOTIFIERS
The Personal Information Controller is required to promptly notify the National Privacy Commission and the...
POLAND PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
PORTUGAL PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
QATAR PERSONAL DATA BREACH NOTIFIERS
There is an obligation on the data controller to notify the regulator, the MoTC and the data subject of...
QATAR – FINANCIAL CENTRE PERSONAL DATA BREACH NOTIFIERS
There is no requirement under the DPL and nor the DPR to inform the QFC Authority of...
ROMANIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the...
RUSSIA PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement to report data security breaches or losses to the Agency or to data subjects...
SAUDI ARABIA PERSONAL DATA BREACH NOTIFIERS
There are no dedicated data protection regulations imposing a mandatory requirement to report data security breaches...
SERBIA PERSONAL DATA BREACH NOTIFIERS
The DP Law imposes data breach notification obligations that largely track the GDPR...
SEYCHELLES PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement in the Act to report data security breaches or...
SINGAPORE PERSONAL DATA BREACH NOTIFIERS
Currently, there are no mandatory requirements under the Act for data users to notify the Commission or...
SLOVAK REPUBLIC PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the...
SLOVENIA PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
SOUTH AFRICA PERSONAL DATA BREACH NOTIFIERS
In terms of section 22 of POPIA, where there are reasonable grounds to believe that the personal information of...
SOUTH KOREA PERSONAL DATA BREACH NOTIFIERS
Under PIPA, if a breach of Personal Data occurs the Data Handler must notify the data subjects without delay of...
SPAIN PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
SWEDEN PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
SWITZERLAND PERSONAL DATA BREACH NOTIFIERS
There is no explicit statutory requirement to notify the FDPIC or the affected data subjects of data security breaches under the DPA...
TAIWAN, CHINA PERSONAL DATA BREACH NOTIFIERS
Where the personal data is stolen, disclosed, altered or infringed in other ways due to the...
TAJIKISTAN PERSONAL DATA BREACH NOTIFIERS
Currently, there is no formal requirement in Tajikistan to report data breaches to any authority or data subject...
THAILAND PERSONAL DATA BREACH NOTIFIERS
In the event of a data breach, Data Controllers must report the breach to the Regulator without undue delay...
TRINIDAD AND TOBAGO PERSONAL DATA BREACH NOTIFIERS
There is no provision in the DPA for notifying data subjects or the Information Commissioner of a security breach...
TUNISIA PERSONAL DATA BREACH NOTIFIERS
Under Tunisian Law, it is up to the person in question to make this kind of notification, or to its heirs and agents in certain circumstances...
TURKEY PERSONAL DATA BREACH NOTIFIERS
Under the DPL, controllers must notify the data subject and the Data Protection Authority in case of a data breach...
TURKMENISTAN PERSONAL DATA BREACH NOTIFIERS
Data Protection Law does not provide for any provisions regarding breach notification requirements...
UAE – ABU DHABI GLOBAL MARKET FREE ZONE PERSONAL DATA BREACH NOTIFIERS
In the event of a breach of any personal data held by a data processor, the data processor shall inform the data controller of...
UAE – DUBAI (DIFC) PERSONAL DATA BREACH NOTIFIERS
In the event of a breach (being an unauthorised intrusion, either physical, electronic or otherwise, to any personal data database...
UAE – DUBAI HEALTH CARE CITY FREE ZONE PERSONAL DATA BREACH NOTIFIERS
There is no specific requirement set out in the DPL obliging a Licensee to inform the CPQ in the event of...
UAE – GENERAL PERSONAL DATA BREACH NOTIFIERS
There is no mandatory requirement under UAE Federal Law to report data security breaches...
UGANDA PERSONAL DATA BREACH NOTIFIERS
Section 23 of the Data Protection and Privacy Act imposes a duty on data processors, collectors and...
UKRAINE PERSONAL DATA BREACH NOTIFIERS
There is no requirement to report data security breaches or losses to the appropriate state authority...
UNITED KINGDOM PERSONAL DATA BREACH NOTIFIERS
The GDPR contains a general requirement for a personal data breach to be notified by the controller to...
UNITED STATES PERSONAL DATA BREACH NOTIFIERS
All 50 US states, Washington, DC, and most US territories (including, Puerto Rico, Guam and the Virgin Islands) have passed...
URUGUAY PERSONAL DATA BREACH NOTIFIERS
If the data processor detects a breach of security measures, the data processor should immediately report the...
UZBEKISTAN PERSONAL DATA BREACH NOTIFIERS
There is no requirement on breach notification under the Law on Personal Data...
VIETNAM PERSONAL DATA BREACH NOTIFIERS
The laws of Vietnam introduced a general requirement for the reporting and notification of actual or...
ZAMBIA PERSONAL DATA BREACH NOTIFIERS
There is no breach notification requirement in Zambia...
ZIMBABWE PERSONAL DATA BREACH NOTIFIERS
There is no law which requires data protection officers to report a breach...
