[NOTE:  CONSIDER SUBMITTING IN BOTH ENGLISH AND ITALIAN]

 

[LUC LETTERHEAD]

 

_____________, 2018

 

 

Garante Per La Protezione Dei Dati Personali

Piazza di Monte Citorio, 121

00186 Roma

Fax. + 39 06 69677 785

Email: garante@garanteprivacy.it

 

            Re:       Notice By Loyola University of Chicago, as Controller

Pursuant to GDPR Article 33

 

To the Garante:

 

            Loyola University of Chicago, in its capacity as controller (the “Controller”) , hereby gives notice pursuant to Article 33(1) of Regulation (EU) 2016/679 (the “GDPR”) of a [possible] personal data breach incident, and, pursuant to GPD Article 33(3), provides the following required information:

 

(a)               Describe the nature of the personal data breach including where possible, the

categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

 

The incident involved [INSERT DESCRIPTION OF NATURE OF INCIDENT].  The categories of data subjects affected by the incident include [INSERT DESCRIPTION OF GENERAL CATEGORIES OF AFFECTED EU PERSONS, E.G., FACULTY, STAFF, AND EMPLOYEES OF THE CONTROLLER].  The incident concerns approximately [INSERT NUMBER] data subjects.   The categories of personal data records concerned include [INSERT DESCRIPTION OF GENERAL CATEGORIES OF DATA].  Approximately [INSERT NUMBER OF PAGES OR FILES] personal data records were involved in such incident.

 

 

(b)              Communicate the name and contact details of the data protection officer or other

            contact point where more information can be obtained;

 

Loyola has not designated a data protection officer because its core activities do not include the regular and systematic monitoring of data subjects on a large scale, nor does the university process on a large scale either special categories of data (as described in GDPR Article 9) or personal data relating to criminal convictions and offenses (as described in GDPR Article 10).  Additional information concerning the incident can be obtained from:

 

(i)                  the Controller’s Representative in Italy:

 

Todd W. Waller

Director

John Felice Rome Center

Via Massimi, 114-A

00136 Rome, Italy

twaller@luc.edu

 

(ii)              the Controller’s Information Security Officer

 

Jim Pardonek, MS, CISSP, CEH, GSNA

Information Security Officer

Loyola University of Chicago

1032 W. Sheridan Road

Chicago, Illinois 60660

GDPR@luc.edu

 

(c)                  Describe the likely consequences of the personal data breach;

 

[INSERT DESCRIPTION OF LIKELY (AS COMPARED TO POSSIBLE) CONSEQUENCES]

 

(d)                 Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

 

[INSERT DESCRIPTION OF TECHNICAL PROTECTIVE MEASURES TAKEN, AND ALSO ANY CREDIT MONITORING/IDENTIFY RESTORATION SERVICES PROVIDED]

 

                                                                                    Sincerely yours,

 

 

 

                                                                                    [INSERT NAME OF SIGNATORY]