Conor Donnelly writes:
One of the main changes under the GDPR is that all organisations must report a personal data breach to their supervisory authority within 72 hours, and in some cases to the individuals affected.
What is a personal data breach?
A personal data breach refers to a breach of security that can lead to the destruction, loss, alteration and unauthorised disclosure of, or access to, personal data. So a breach is more than just losing personal data.
How to report a breach
A breach must be reported to the relevant supervisory authority within 72 hours of an organisation becoming aware of it. Depending on the scale of the breach, it may be impossible to investigate a breach fully within the given timeframe, so organisations will be allowed to provide information in phases.
Read more on IT Governance.