All DPA clauses

GDPR DPA clause · critical

Personal Data Breach Notification

The clause requiring the processor to tell the controller about a personal-data breach without undue delay.

What the clause requires

The processor must notify the controller of a personal-data breach without undue delay.

Why a GDPR DPA needs it

Article 33(2) requires processors to notify controllers without undue delay. The controller’s own 72-hour notification duty depends on learning of the breach in time.

Risk if it is missing

The controller may not learn of a breach in time to meet its regulatory notification duty.

Free · nothing leaves your browser

Check your DPA against all 10 clauses

Answer 10 quick questions — checked in your browser, no upload. To review the actual wording, the desktop app reads your DPA on your machine and never sends it anywhere.

Run the free DPA check

This page explains a common Data Processing Agreement clause for general information. It is not legal advice. Have a qualified professional review anything that matters.