GDPR Glossary

What is Breach notification?

GDPR Glossary Also known as: 72-hour rule

The duty to report a risky personal data breach to the regulator within 72 hours, and to affected people without undue delay.

Where a breach is likely to risk people's rights and freedoms, the controller must notify the competent supervisory authority within 72 hours of becoming aware of it.

If the risk is high, the affected individuals must also be told without undue delay. Processors must alert their controller without undue delay.

In the Regulation

Related terms

Need this applied to your business?

Our data-protection lawyers turn GDPR terms into a working plan.

Get advice