Data Breaches or suspected Data Breaches
All breaches or suspected breaches once discovered should be reported to the Data Protection Officer at firstname.lastname@example.org without delay for assessment.
Under the GDPR, a breach, which is reportable to the Data Protection Commissioner, must be reported not later than 72 hours after having become aware of it.
All incidents in which personal data has been put at risk should be reported to the Office of the Data Protection Commissioner as soon as the Data Protection Officer becomes aware of the incident, except when the full extent and consequences of the incident has been reported without delay directly to the affected data subject(s) and it affects no more than 100 data subjects and it does not include sensitive personal data or personal data of a financial nature. In case of doubt – in particular any doubt related to the adequacy of technological risk-mitigation measures – the DP Officer should report the incident to the Office of the Data Protection Commissioner.