1. Home
  2. Organisations
  3. Notification of data breaches
  4. Submission of a data breach notification to the HDPA
  5. Submission of a data breach notification to the HDPA

Submission of a data breach notification to the HDPA

To notify a data breach to the HDPA you must first log in to the HDPA online portal by filling in and submitting the relevant electronic form provided. To log in to the online portal you must use the taxisnet credentials available to controllers established in Greece. Relevant information on how to submit a notification in Greek is availablehere.

The HDPA allows the submission of data breach notifications in English either in cases of breach in the context of cross-border processing or when Article 3 (2) or (3) GDPR applies. In case the controllers are not established in Greece, and therefore they cannot log in to the online portal by using the taxisnet credentials, the relevant notification can be submitted via email.

In this case, follow thesteps below:

  1. Please download the appropriate type of the data breach form. The form is provided in two versions. The first one uses macros in order to guide you through the process of filling in. The second one is a simple (MS excel format) file, without macros. You may chooseeither the firstor the second:

    Form with macros

    Please remember to activate macros!

    		 Form_with macros.xlsm

    Form simple

    		 Form_simple.xls
  2. Fill in the required fields of the form and save it. To fill in each line of the form, please see the detailed guidelines at the end of each line.
  3. Encrypt the form as illustrated below by using the HDPA’s public key (optional, but recommended for reasons of secrecy).
  4. Attach the encrypted form to an email. In your email please describe the reasons that have led you to submit the data breach form in this way and not via the HDPA online portal.
  5. Send the email todatabreach@dpa.gr.

Warning, the above email address concerns only notifications of personal data breaches submitted by controllers. To lodge a complaint, please seehere.

Emails sent to the above address which do not concern data breaches will not be considered.

 

For security reasons, we suggest that you send the formencrypted in such a way that it can be read (decrypted) only by the HDPA.

To achieve that, you should use the GnuPG (GPG) software, which is a free distribution of the OpenPGP standard.

You must first encrypt the file (i.e. the filled in form) on your computer, regardless of the software/e-mail service you use and then attach the encrypted file to an e-mail message.

The HDPA’s public GPG key, which must be used to encrypt the completed form before attaching it to the e-mail message* to be sent to the HDPA, is availablehere (Key ID:445EA68B, Key Fingerprint: AD28 60E4 2CBA CA97 A2AD A5F1 75BD F233 445E A68B). Any accompanying document may be encrypted in the same way.

(*) Warning: Please do not encrypt the whole e-mail message (e.g. by using an appropriate plugin), because there are known security issues in this approach (seehere).

Social Sharing block

  • Διαμοιρασμός στο LinkedIn
  • Διαμοιρασμός στο Twitter
  • Email
We use the cookies that are necessary to maintain your connection to the online services of the HDPA’s Portal and to store your preferences in relation to optional cookies (“Necessary”).
Only with your consent we will use any of the following optional cookies you select (“Analytics”, “LinkedIn”, “Twitter”). You can see information on each cookie category by passing the cursor over each option.