undefined | Better HN

0 pointsnneonneo7y ago0 comments

Article 34 clearly states that the breached organization must inform the data subject "without undue delay". Given that the event occurred in September, and it is now December, I would characterize that as an undue delay.

There should be GDPR consequences of this - it's time that law got properly put to the test.

0 comments

jsnell7y ago

I'd imagine what matters is the delay from when you learn about the issue, not the delay from when it happened. This blog post looks a lot more like something they discovered now than something they discovered in September. (E.g. the way they'll have "tools for figuring out who was affected next week").

j / k navigate · click thread line to collapse

0 pointsnneonneo7y ago0 comments

There should be GDPR consequences of this - it's time that law got properly put to the test.

0 comments

jsnell7y ago

j / k navigate · click thread line to collapse