A personal data breach is a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- If the data breach poses a risk to the individuals concerned, you must report it to the relevant data protection authority within 72 hours.
- If the breach is likely to result in a high risk to individuals, you will also need to communicate that breach to the individuals concerned without undue delay.
In any case, for all breaches – even those that are not notified to a DPA - you must record at least the basic details of the breach, the assessment thereof, its effects, and the steps taken in response.
More information: