Skip Ribbon Commands
Skip to main content
Portal UMinho

Notification of a personal data breach to the DPO

Portal UMinho > EN > Institutional > Data protection > Notification of a personal data breach to the DPO

 Notification of a personal data breach to the DPO

"«Personal data breach» means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;"
[GDPR Article 4, 12)]


Every personal data breach shall be notified to the DPO, without undue delay, for registration and evaluation of the measures to be taken.

The notification to the DPO shall be made by email to the address, and shall at least address the following topics:

  1. Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  2. Describe the likely consequences of the personal data breach;
  3. Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Personal data breaches which may pose​ a risk for natural persons, must be reported to the Supervisory Authority within 72 hours of being detected. Communication to the Supervisory Authority shall​ be made through the DPO.

For personal data breaches likely to pose a high risk to the rights and freedoms of natural persons, the data subject must be informed of the breach without undue delay. ​​​​
  • Universidade do
  • Largo do Paço
    4704-553 Braga
  • T.:253 601 100, 253 601 109
© University of Minho - 2022