The General Data Protection Regulation (GDPR) is a broad set of regulations that dictate how a company handles the personal data of citizens within the European Union. Articles 33 and 34 of the GDPR outlines the requirements to notify both a supervisory authority and affected data subjects in the event of a data breach.
While the details of what an organization needs to report in the event of a breach is defined within the legislation, when to report a data breach and which authority you should report the incident to are not as clear. Do you know when your organization should report a data breach, what you need to report, and where to report it to stay GDPR compliant?
Leave a reply