In the event of a data breach, DEWETRON will take immediate action to contain and mitigate the breach, in accordance with the requirements of the Austrian Data Protection Act (DSGVO) and the General Data Protection Regulation (GDPR).
Notification procedure
In the event of a data breach that is likely to result in a high risk to the rights and freedoms of natural persons, DEWETRON will notify the Austrian Data Protection Authority (Österreichische Datenschutzbehörde) without undue delay, and in any case within 72 hours of becoming aware of the breach.
In addition, DEWETRON will notify affected customers without undue delay, providing them with the following information:
- a description of the nature of the breach
- the categories and approximate number of data subjects affected
- the categories and approximate number of personal data records affected
- a description of the likely consequences of the breach
- a description of the measures taken by DEWETRON to address the breach and mitigate its effects
- contact information for the Data Protection Officer or other relevant contact person
Public disclosure
In addition, DEWETRON will consider making a public disclosure on its website, providing information about the breach to affected customers and the general public. Public disclosure will not be made in every case; it will be assessed on a case-by-case basis, taking into account the severity and impact of the breach.
Public disclosure will typically be made in situations where the breach is likely to have a significant impact on a large number of data subjects, or where there is a high risk of harm to individuals, such as in the event of a major security incident. In such cases, DEWETRON will provide information about the breach on its website, including details about the nature of the breach, the measures being taken to address it, and any steps that affected individuals can take to protect themselves.
The decision to make a public disclosure will be made in accordance with the requirements of the Austrian Data Protection Act (DSGVO) and the General Data Protection Regulation (GDPR) and will take into account the potential benefits and risks of disclosure, including the potential impact on affected individuals and the potential for reputational harm.