The following information shall be provided to the Data Protection Authority:
The nature of the data breach, including, if possible, the categories and the estimated number of individuals registered that it concerns and the categories and the estimated number of records of the personal data concerned;
the name and contact details of the data protection officer or other contact point where further information can be obtained,
the consequences of a data breach in the processing of personal data,
measures taken or planned by the controller in the event of a data breach in the processing of personal data, including, where appropriate, measures to mitigate its potentially adverse effects.
The absence of complete or accurate information shall not prevent a notification being sent in time, as it is possible to send the Data Protection Authority updated information when it is available.
