Select Page

GDPR 33 and 34: Breaches, Disclosure, and YOU!

Author: Nate Latessa, President
GDPR is the hot topic among many companies trying to prepare for the May 2018 deadline. Understanding what actions need to occur and what technologies are available to help comply with these regulations is critical. Heureka’s visibility into unstructured data can dramatically improve a company’s ability to comply with Article 33 and Article 34.  In terms of data breaches, one of the most difficult things to understand is what data may be in-scope for the breach.


Article 33 requires:

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Heureka Helps


With Heureka in place across all unstructured data points (endpoints, file shares, and servers) the data privacy officer responsible for notification in compliance with GDPR 33 has full visibility into any devices that have been compromised.

Heureka indexes provide insight on what type of data was on the compromised devices and display risk scores based on assets containing PII (e.g.,such as credit card numbers, national identity numbers, and bank routing information, etc.) so that your company can report accordingly.

This ability compliments the terms of GDPR 34’s requirement if a personal data breach contains high-risk value and then provides the ability to report accordingly. Having visibility to assess the potential of high risk data at-a-glance would prevent the controller to have to report to the data subject if they can understand that their data isn’t high risk. This would prevent the necessity of public communication as Heureka can provide all the levels of data risk effortlessly.