How to Report data protection breaches of dead relation data set

Madeline O'Brien made this acceso a documentos request to Supervisor Europeo de Protección de Datos

Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.

La solicitud fue exitosa.

Dear European Data Protection Supervisor,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information

:How to Report data protection breaches of dead relation data set

How to report data protection breaches of dead mothers data set.

Yours faithfully,

Madeline O'Brien

European Data Protection Supervisor, Supervisor Europeo de Protección de Datos

4 Adjuntos

Dear Mrs O'Brien,


I am writing in reply to your email of 6 April 2022 to the European Data
Protection Supervisor (EDPS), regarding your specific request on reporting
personal data breaches of deceased people.


Dead people are not covered by the scope of the General Data Protection
Regulation (GDPR). See Recital 27 of the GDPR: "This Regulation does not
apply to the personal data of deceased persons. Member States may provide
for rules regarding the processing of personal data of deceased persons."
Therefore, there is no legal obligation under the GDPR or Regulation (EU)
2018/1725 to report personal data breaches related to deceased people.


In case there has been a data breach related to a dataset of dead people
that also includes personal data of living natural persons, the controller
must assess its risks to their rights and freedoms  and, where necessary,
notify the competent supervisory authority, in accordance with Article 33
of the GDPR. The competent supervisory authority is determined based on
the establishment of the controller (Articles 55 and 27 of the GDPR). In
case the controller is a European Union institution, body or agency, the
EDPS is the competent supervisory authority, and the notification should
be addressed to the EDPS, in accordance with Article 34 Regulation (EU)


The following link lists the contact details of all of the supervisory
authorities in the European Union:



Best regards,


Agnieszka Nyka

Information and Communication


[2]cid:image001.png@01D08819.F93340B0 EDPS Secretariat



[3]Description: Description:
Email[4][EDPS request email]

European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1040 Brussels

[5]Description: [7]Description: Description:
Description: Website[8]


This email
(and any
may contain
that is
internal or
access, use or
processing is
not permitted.
If you are not
the intended
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
amended, and
infected with
viruses. The
EDPS therefore
guarantee the
security of
by email.

[9]Privacy statement


mostrar partes citadas