- Y Diweddaraf sydd Ar Gael (Diwygiedig)
- Gwreiddiol (a wnaed Fel)
The Privacy and Electronic Communications (EC Directive) Regulations 2003
You are here:
- Offerynnau Statudol y Deyrnas Unedig
- 2003 No. 2426
- Regulation 5A
Pa Fersiwn
Nodweddion Uwch
- Dangos Graddfa Ddaearyddol(e.e. Lloegr, Cymru, Yr Alban aca Gogledd Iwerddon)
- Dangos Llinell Amser Newidiadau
Rhagor o Adnoddau
Changes to legislation:
The Privacy and Electronic Communications (EC Directive) Regulations 2003, Section 5A is up to date with all changes known to be in force on or before 03 July 2024. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
[F1Personal data breachU.K.
5A.—(1) In this regulation and in regulations 5B and 5C, “service provider” has the meaning given in regulation 5(1).
(2) If a personal data breach occurs, the service provider shall, without undue delay, notify that breach to the Information Commissioner.
(3) Subject to paragraph (6), if a personal data breach is likely to adversely affect the personal data or privacy of a subscriber or user, the service provider shall also, without undue delay, notify that breach to the subscriber or user concerned.
(4) The notification referred to in paragraph (2) shall contain at least a description of—
(a)the nature of the breach;
(b)the consequences of the breach; and
(c)the measures taken or proposed to be taken by the provider to address the breach.
(5) The notification referred to the paragraph (3) shall contain at least—
(a)a description of the nature of the breach;
(b)information about contact points within the service provider’s organisation from which more information may be obtained; and
(c)recommendations of measures to allow the subscriber to mitigate the possible adverse impacts of the breach.
(6) The notification referred to in paragraph (3) is not required if the service provider has demonstrated, to the satisfaction of the Information Commissioner that—
(a)it has implemented appropriate technological protection measures which render the data unintelligible to any person who is not authorised to access it, and
(b)that those measures were applied to the data concerned in that breach.
(7) If the service provider has not notified the subscriber or user in compliance with paragraph (3), the Information Commissioner may, having considered the likely adverse effects of the breach, require it to do so.
(8) Service providers shall maintain an inventory of personal data breaches comprising —
(a)the facts surrounding the breach,
(b)the effects of that breach, and
(c)remedial action taken
which shall be sufficient to enable the Information Commissioner to verify compliance with the provisions of this regulation. The inventory shall only include information necessary for this purpose.
[F2(9) This regulation does not apply in relation to any personal data breach which is to be notified to the Investigatory Powers Commissioner in accordance with a code of practice made under the Investigatory Powers Act 2016.]]
Textual Amendments
F1Regs. 5A-5C inserted (26.5.2011) by The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (S.I. 2011/1208), regs. 1(1), 5
F2Reg. 5A(9) inserted (27.6.2018) by Investigatory Powers Act 2016 (c. 25), s. 272(1), Sch. 10 para. 14 (with Sch. 9 paras. 7, 8, 10); S.I. 2018/652, reg. 12(g)(iii)
Options/Help
Print Options
PrintThe Whole Instrument
PrintThis Section only
Mae deddfwriaeth ar gael mewn fersiynau gwahanol:
Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.
Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.
Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys
Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Dewisiadau Agor
Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd
Rhagor o Adnoddau
Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:
- y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- manylion rhoi grym a newid cyffredinol
- pob fformat o’r holl ddogfennau cysylltiedig
- slipiau cywiro
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Llinell Amser Newidiadau
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
Rhagor o Adnoddau
Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:
- y PDF print gwreiddiol y fel gwnaed fersiwn a ddefnyddiwyd am y copi print
- slipiau cywiro
liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- manylion rhoi grym a newid cyffredinol
- pob fformat o’r holl ddogfennau cysylltiedig
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Mae’r holl gynnwys ar gael dan Drwydded Llywodraeth Agored v3.0 ac eithrio ble nodir yn wahanol. Yn ychwanegol mae’r safle hwn â chynnwys sy’n deillio o EUR-Lex, a ailddefnyddiwyd dan delerau Penderfyniad y Comisiwn 2011/833/EU ar ailddefnyddio dogfennau o sefydliadau’r UE. Am ragor o wybodaeth gweler ddatganiad cyhoeddus Swyddfa Gyhoeddiadau’r UE ar ailddefnyddio.