National Data Protection Law


    The “Datenschutzgesetz” is the national legislation implementing the GDPR in Austria. It was published on 31 July 2017 and went into effect on 25 May 2018.

    Last Updated: July 30, 2019

  • General

    The law supplements the GDPR and ensures the proper implementation of the Regulation in Austria. It was published on 31 July 2017 and went into effect on 25 May 2018. It provides comprehensive data protection rights to individuals without diverging much from the GDPR's strict rules. It lowers the age of consent for minors to 14 years in the context of the offering of information society services, and it includes specific provisions on the processing of information revealing criminal records.

  • DatabreachPedia


    In Austria, there is a general requirement under the General Data Protection Regulation for data controllers to notify personal data breaches to their regulator and, where the breach is likely to result in a high risk to the rights and freedoms of natural persons, also to those individuals.

    Is it Mandatory to Notify Individuals?

    Yes, if the personal data breach is likely to result in a high risk to their rights and freedoms.

    Is it Mandatory to Notify Regulator?

    Yes, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.

    Notification Deadline

    72 hours

    Responsible Regulator

    Austrian Data Protection Authority
    Österreichische Datenschutzbehörde
    Hohenstaufengasse 3
    1010 Wien

    Tel. +43 1 531 15 202525
    Fax +43 1 531 15 202690
    E-mail: [email protected]

    Breach Notification Format

    Minimum requirements: nature of the breach, categories and approximate number of data subjects concerned, name and contact details of the DPO, likely consequences, and measures taken or proposed to be taken. The Austrian regulator provides a non-binding PDF notification form that covers a broader range of questions.
