Under GDPR and similar regulations, organizations must notify authorities and affected individuals of significant data breaches promptly. The 72-hour clock starts when the breach is discovered.
Failure to notify can result in substantial fines. Organizations should maintain breach detection and notification procedures to meet this critical compliance requirement.