GDPR: Dealing With the Mandatory 72-Hour Breach Notification Requirement

By Michael Walter, Protiviti Managing Director, and Pam Kamath, Protiviti Associate Director

Article 33 of the General Data Protection Regulation (GDPR) requires that the data controller notify the appropriate supervisory authority in the event of a personal data breach no later than 72 hours after becoming aware of it. Organizations appear to be taking this requirement to heart. The Information Commissioner’s Office (ICO), the UK’s data privacy watchdog and GDPR enforcer, received 1,750 breach reports in June 2018 – a number that far exceeds the average of 400 breaches reported in April and May.

This article explores personal data breaches and offers eight recommended actions organizations can take to respond to breaches within the 72 hours.
