Recital 86
Recital 86
(86) 當個人資料侵害可能造成當事人之權利或自由之高度風險,為 了使其得以採取必要之防範措施,控管者應與資料主體溝通個人資料 之侵害,不得無故遲延。該溝通應描述個人資料侵害之本質及對該當 事人降低潛在不利影響之建議。此種對資料主體之溝通應儘快、合理、 可行,且與監管機關密切合作,遵守監管機關或其他相關機關如執法 機關之指導。例如,降低損害之立即風險的需求即需要立刻與資料主 體溝通,但執行適當措施以對抗繼續或類似的個人資料侵害之需求則 得正當化較長之溝通時間。
(86) The controller should communicate to the data subject a personal data breach, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions.
The communication should describe the nature of the personal data breach as well as recommendations for the natural person concerned to mitigate potential adverse effects.
Such communications to data subjects should be made as soon as reasonably feasible and in close cooperation with the supervisory authority, respecting guidance provided by it or by other relevant authorities such as law-enforcement authorities.
For example, the need to mitigate an immediate risk of damage would call for prompt communication with data subjects whereas the need to implement appropriate measures against continuing or similar personal data breaches may justify more time for communication.
Source: https://www.ndc.gov.tw/Content_List.aspx?n=F98A8C27A0F54C30
The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.