TO TOP

IT-Sicherheitsvorfall/IT-Notfall | A-Z | Kontakt/Beratung

Notification of a personal data breach (Art. 33 GDPR)

In the case of a personal data breach, RUB shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, RUB shall communicate the personal data breach to the data subject without undue delay.

The Information Security Officer and the Data Protection Officer are responsible for processing and reporting data breaches at the RUB.

What is meant by the term "data breach"?

A data breach is defined as incorrect processing of personal data that leads to a risk for the affected person, e.g.

  • Loss/theft of USB sticks or other data carriers/hard drives
  •  Loss/theft of smartphones or other (mobile) IT systems
  •  Misplacement of personal data by post or email
  •  Loss of documents
  •  Malware attack on IT systems
  •  Spying on access data/passwords
  •  Access or theft of personal data by unauthorized persons (e.g. after hacking or physical intrusion)

Questionnaires

The cooperation of persons involved is usually required for clarification, risk assessment and rapid lifting of locks. In the download area, we provide suitable questionnaires for processing the data protection notification in accordance with Art. 33 GDPR.

Download area

Take precautions

The usual security tips and careful handling of other people's personal data protect against data breaches.

Information

The GDPR requires the documentation of all data breaches. If you suspect or know that personal data has been unlawfully disclosed or processed, or that there is a risk of this, you are under obligation to report such an incident to us.

By reporting promptly, you limit the potential damage and enable us to assess and respond appropriately within the required deadlines.

Report by e-mail to: datenpanne@ruhr-uni-bochum.de

Alternatively, you can send us a message anonymously using our contact form.

Your messages reach us completely anonymously via internal company mail of the Ruhr-University. Due to the time delay, we recommend the above-mentioned digital contact options.

Stabsstelle für Informationssicherheit der RUB
Geschäftszimmer
GAFO 04/622 | Postfach 137

To process the incident we need (what, when, where):

  1. a brief description of what was noticed at what time,
  2. if known, information on what kinds of personal data are affected and to what extent,
  3. optional: contact address (e-mail, telephone) for queries. Reports can also be made anonymously.

Your message will be transmitted to the Information Security Officer and the Data Protection Officer of the RUB. These are responsible for notifications to the supervisory authority. 

Depending on the type and severity of the data breach, the affected persons and the management of affected institutions will be notified. To avert acute, major incidents and risks, authorized departments of the Ruhr-Universität will take additional measures:

  1. exclude users from using the IT systems, the network or the IT services,
  2. interrupt the Internet connection to the affected terminal devices or subnets.

The emergency measures are limited to the period in which the problem or danger persists.