Personal data breaches

A personal data breach is a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. It can lead to physical, material, or non-material damage for individuals, including loss of control over personal data, limitation of rights, discrimination, identity theft or fraud, or financial loss.
Organisations must document and handle data breaches appropriately.
The EDPB provides guidance to help organisations fulfil their responsibilities as data controllers and processors, clarifying which data breaches require notification to the competent data protection authority within 72 hours, and which breaches require communication to the affected individuals.