Personal Data Breach Notification System in the European Union: Interpretation of ‘Without Undue Delay’

The fast-moving technologies continually challenge present rules on data-privacy protection. The expansion of computing functions, speed of processing and storage capabilities makes personal information difficult to be controlled.

In the EU, the revised EC e-Privacy Directive amended by the Directive 2009/136/EC modifies existing provisions and makes new provisions to enhance privacy protection in the electronic communications sector, which includes the further development of the system of notification of the personal data breach to minimise adverse effects. This paper aims to examine and evaluate the personal data breach notification system, interpret the requirement of "without undue delay" duty and discuss the impact of the revised Directive to business organisations. It finally proposes solutions to improve the notification system to increase the efficiency of privacy protection.