How to communicate with the data subject in case of a data breach. 10 tips from our Sustainable Compliance network

By Jacob Høedt Larsen
November 8, 2023

"18,000 citizens received a letter after a data leak - citizens are 'extremely worried.'" That's what Danish TV2 wrote on their website on October 29, 2023. And it's truly a catch-22 when it comes to communicating with the data subjects regarding a data breach.

Sometimes, you have to inform the data subject, even though there's not much they can do.

How do you work with that?

We recently discussed this at our Sustainable Compliance Live, where we meet with practitioners in data protection and information security every other week to discuss and share advice.

Here are the top ten tips that emerged from the discussion:

  1. Be clear and precise in your communication about the data breach.
  2. Use understandable language that speaks directly to the recipient.
  3. Test your communication on a group of citizens to ensure they understand what you write.
  4. Provide clear information about what has happened.
  5. Describe the likely consequences of the breach.
  6. Specify the measures taken to handle the breach.
  7. Be transparent and honest in your communication.
  8. Consider whether a notification is necessary and desirable. The data subject is likely to feel insecure.
  9. Make sure to provide a contact person for the data subject to obtain further information. Perhaps it should not be the DPO, but someone closer to the data subject's everyday life.
  10. Assess the need to inform about identity theft and potential consequences.