How does a data controller know, in the case of a personal data breach, whether it must report the breach to the supervisory authorities? How can we prevent “notification fatigue” or meaningless notifications to authorities? This article will explore such questions. In the majority of jurisdictions, personal data protection regulations impose a mandatory requirement to notify individuals and/or supervisory authorities when a personal data breach has occurred, even where personal data is not affected.
Source: Do I need to report this breach?