One of the key reasons that organisations are anxious about the General Data Protection Regulation (GDPR) is its strict data breach notification requirement, specified in Articles 33-34, stating that organisations have only 72 hours to report a breach to supervisory authorities, which is easier said than done.
Three most asked questions about data breach reporting are:
- What processes need to be in place in order to respond to a personal data breach?
- How do you report a breach to the supervisory authority?
- How should I inform individuals about the breach?