GDPR DPA clause · critical
Personal Data Breach Notification
The clause requiring the processor to tell the controller about a personal-data breach without undue delay.
What the clause requires
The processor must notify the controller of a personal-data breach without undue delay.
Why a GDPR DPA needs it
Article 33(2) requires processors to notify controllers without undue delay. The controller’s own 72-hour notification duty depends on learning of the breach in time.
Risk if it is missing
The controller may not learn of a breach in time to meet its regulatory notification duty.
Free · nothing leaves your browser
Check your DPA against all 10 clauses
Answer 10 quick questions — checked in your browser, no upload. To review the actual wording, the desktop app reads your DPA on your machine and never sends it anywhere.
Run the free DPA checkThis page explains a common Data Processing Agreement clause for general information. It is not legal advice. Have a qualified professional review anything that matters.