The Austrian Data Protection Act (DPA) has been substantially revised for the first time since becoming effective in 2000. The revised DPA introduced a “data breach notification duty” to the Austrian data protection regime, which is similar to the respective obligations under U.S. and UK data privacy laws. With this, Austria (in addition to Germany) is one of the first Member States to implement such an information duty. In a nutshell, this obligation requires every data controller in Austria to inform data subjects properly if he becomes aware of a systematic and seriously unlawful misuse of their data. The revised DPA also provides for new provisions about the processing of personal data in the course of videotaping / video monitoring, the data subjects’ rights of data access, and a new approach of self registration through the data controller combined with a massive extension of the authority’s competencies. The administrative fines for breaches of the DPA were also raised to a maximum penalty of EUR 25,000 for deliberate violation of those provisions and EUR 10,000 for violation of the notification and information obligations of the DPA.