Millions of companies worldwide are covered by the European Union’s General Data Protection Regulation (GDPR). This security regulation has been implemented to protect personal data and, at the same time, tell you what you need to do if your company experiences a security breach.
Understanding the GDPR Notification Obligation
Any company or organization that experiences a security breach must, according to Article 33 of the law, report the breach to a Data Protection Authority (DPA) within 72 hours if it wants to remain GDPR compliant. You may request an extension on this deadline in situations where it was not possible to report the breach within the specified 72 hours. You’ll need to complete and submit an online form to report the breach, but this depends on the method used by the DPA you report to in your region. To be safe, collect as much information as you can so that you have everything at hand when the time comes.
What to Include in a Data Breach Notification
This is the information you’ll need to include in your breach notification:
- Details of the breach: How it happened, how many people were affected, how many records were exposed or lost, and the categories of data affected
- Relevant contacts: Names and contact details of all the relevant role players
- Result of the security breach: Either what happened or what could happen as a result of the breach
- Measures you have taken: All the details and steps you have taken to fix the security breach