What does it mean that we have 72 hours to report a breach?

When you are data controller

From the moment a personal data breach has been confirmed, your organisation has 72 hours to decide (and report) whether it presents a high risk of harm to the rights and freedoms of an individual; if it does, it must be reported to your Data Protection Authority.

When you are processor

From the moment your organisation suspects that a personal data breach has occurred, as processor it has a legal obligation (which is also stipulated in the Data Processing Agreement (DPA) that has been signed) to inform the data controller. Some data processing agreements stipulate a timeframe within which the processor must do this. If this is not in the agreement, then the GDPR states that it should be done without undue delay.

Process / procedural templates

There are some simple process flows (free templates) created specifically with the small to medium organisation in mind. They are built using SmartArt, which can be edited.