Search Legislation

The Privacy and Electronic Communications (EC Directive) Regulations 2003

 Help about what version

What Version

 Help about advanced features

Advanced Features

Changes over time for: Section 5A

 Help about opening options

Version Superseded: 14/10/2024

Alternative versions:

Status:

Point in time view as at 27/06/2018. This version of this provision has been superseded. Help about Status

Close

Status

You are viewing this legislation item as it stood at a particular point in time. A later version of this or provision, including subsequent changes and effects, supersedes this version.

Note the term provision is used to describe a definable element in a piece of legislation that has legislative effect – such as a Part, Chapter or section.

Changes to legislation:

There are currently no known outstanding effects for the The Privacy and Electronic Communications (EC Directive) Regulations 2003, Section 5A. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.

[F1Personal data breachU.K.

5A.(1) In this regulation and in regulations 5B and 5C, “service provider” has the meaning given in regulation 5(1).

(2) If a personal data breach occurs, the service provider shall, without undue delay, notify that breach to the Information Commissioner.

(3) Subject to paragraph (6), if a personal data breach is likely to adversely affect the personal data or privacy of a subscriber or user, the service provider shall also, without undue delay, notify that breach to the subscriber or user concerned.

(4) The notification referred to in paragraph (2) shall contain at least a description of—

(a)the nature of the breach;

(b)the consequences of the breach; and

(c)the measures taken or proposed to be taken by the provider to address the breach.

(5) The notification referred to the paragraph (3) shall contain at least—

(a)a description of the nature of the breach;

(b)information about contact points within the service provider’s organisation from which more information may be obtained; and

(c)recommendations of measures to allow the subscriber to mitigate the possible adverse impacts of the breach.

(6) The notification referred to in paragraph (3) is not required if the service provider has demonstrated, to the satisfaction of the Information Commissioner that—

(a)it has implemented appropriate technological protection measures which render the data unintelligible to any person who is not authorised to access it, and

(b)that those measures were applied to the data concerned in that breach.

(7) If the service provider has not notified the subscriber or user in compliance with paragraph (3), the Information Commissioner may, having considered the likely adverse effects of the breach, require it to do so.

(8) Service providers shall maintain an inventory of personal data breaches comprising —

(a)the facts surrounding the breach,

(b)the effects of that breach, and

(c)remedial action taken

which shall be sufficient to enable the Information Commissioner to verify compliance with the provisions of this regulation. The inventory shall only include information necessary for this purpose.]

[F2(9) This regulation does not apply in relation to any personal data breach which is to be notified to the Investigatory Powers Commissioner in accordance with a code of practice made under the Investigatory Powers Act 2016.]

Back to top

Options/Help

Print Options

Close

Legislation is available in different versions:

Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.

Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.

Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.

Close

See additional information alongside the content

Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.

Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.

Close

Opening Options

Different options to open legislation in order to view more content on screen at once

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources
Close

Timeline of Changes

This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.

Close

More Resources

Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as made version that was used for the print copy
  • correction slips

Click 'View More' or select 'More Resources' tab for additional information including:

  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • links to related legislation and further information resources