A Personal Data Breach is a security incident where personal data is accidentally or unlawfully destroyed, lost, altered, or disclosed to unauthorized parties. Under GDPR, organizations must report breaches to supervisory authorities and affected individuals in certain circumstances.
When a breach occurs, organizations must notify the relevant data protection authority unless the risk to data subjects is low. If the risk is high, data subjects must also be notified. The notification must be made within 72 hours of becoming aware of the breach and must include details about the breach and recommended actions.