Definition: Breach Notification (GDPR)

Breach Notification under GDPR refers to the mandatory requirement for organizations (data controllers) to notify relevant parties in the event of a personal data breach.

Key Requirements:

  • Notification to Supervisory Authority: Controllers must notify the appropriate data protection supervisory authority without undue delay, and where feasible, not later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. The notification must contain specific details about the breach.
  • Notification to Data Subjects: If the breach is likely to result in a high risk to the rights and freedoms of individuals, the controller must communicate the breach to the affected data subjects without undue delay, unless certain conditions are met (e.g., data was encrypted, subsequent measures mitigate the risk).
  • Documentation: Controllers must document all breaches, comprising the facts relating to the breach, its effects, and the remedial action taken.
  • Relevance: Impacts security protocols and incident response plans for any system handling personal data, including those managed, migrated, or archived using Helix services or platforms.