When should you report a GDPR data breach?

If there’s a data breach under GDPR that could risk people’s rights or freedoms, it’s got to be reported to the proper authority within 72 hours of realising there’s an issue. If it’s a major breach, the individuals affected have to be told as well, as quickly as possible. The report needs to spell out what went wrong, how many people might be affected, what might happen because of it, and what’s being done to sort it out and lessen any harm. Quick action is key to limit the damage and stay compliant with GDPR’s expectations.