GDPR

Personal Data Breach

A personal data breach is a security incident that accidentally or unlawfully leads to the destruction, loss, alteration or unauthorized disclosure of personal data.

Why it matters

GDPR requires notification to the supervisory authority within 72 hours for any breach presenting a risk, and sometimes direct notification to affected individuals: a deadline that is often too tight without a procedure prepared in advance.

Concrete example

After a laptop containing an unencrypted customer database is stolen, a company notifies the supervisory authority within 72 hours as required by its incident response plan.

Related notions

Breach notificationIncident responseData encryption

Assess your organization's maturity on this topic

Start the diagnostic
Back to glossary