As soon as it becomes known that data has been lost, the GDPR requires a report to be made to the respective state data protection commissioner within 72 hours (including weekends and public holidays). Within this period, the persons responsible for the organisational unit, the information security officers and the HsH Executive Board must be informed at the same time.
The reporting of data protection incidents to bodies external to the university takes place exclusively via the Executive Board.
We have developed this process for Faculty III to make it easier and quicker for you to deal with in everyday life. The following instructions therefore serve as an aid to action and are at the same time binding for dealing with data loss of all kinds (digital and analogue origin) in Faculty III.