GDPR questions and answers

Category: Standard Contractual Clauses (SCC)

Within What Timeframe Must a Processor Notify the Controller of a Personal Data Breach?

ANSWER

The SCCs do not specify a precise timeframe within which a processor must notify the controller of a personal data breach when the breach concerns data processed by the processor.

Clause 9.2 of the SCCs states that such notification must be made "without undue delay." Therefore, it is up to the parties to determine the specific timeframe, taking into account the particular circumstances of the processing activities.

The above answer is based on an official document of the European Commission.

You can review it at: https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf

A translated version of this document is also available on our blog under the title: "Standard Contractual Clauses (SCCs) – Questions and Answers".
