"«Personal data breach» means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;" [GDPR Article 4, 12)]
Every personal data breach shall be notified to the DPO, without undue delay, for registration and evaluation of the measures to be taken.
The notification to the DPO shall be made by email to the address firstname.lastname@example.org, and shall at least address the following topics:
Personal data breaches
which may pose a
risk for natural persons, must be reported to the Supervisory Authority within 72 hours of being detected. Communication to the Supervisory Authority shall be made through the DPO.