X-GDPR-BREACH Informational

Notify GDPR Personal-Data Breaches Within 72 Hours

Official citation: GDPR Arts. 33-34

Class: informational · Severity: high

Statement of the obligation — verify against source

GDPR Arts. 33-34

What it means

If you process EU personal data, a breach triggers a 72-hour notice to the regulator and, for high-risk breaches, notice to the affected individuals. Processors (most vendors) must alert the controller promptly so the controller can meet its own clock.

Required by

— GDPR Arts. 33-34
GDPR — Arts. 33-34

Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.