A personal data breach is a security incident that accidentally or unlawfully leads to the destruction, loss, alteration or unauthorized disclosure of personal data.
GDPR requires notification to the supervisory authority within 72 hours for any breach presenting a risk, and sometimes direct notification to affected individuals: a deadline that is often too tight without a procedure prepared in advance.
After a laptop containing an unencrypted customer database is stolen, a company notifies the supervisory authority within 72 hours as required by its incident response plan.
Assess your organization's maturity on this topic
Start the diagnostic