A Practical Guide to Personal Data Breach Notifications under the GDPR

This guidance note is intended primarily to give data controllers some practical advice on how to handle data breaches and navigate the mandatory data breach notification regime, which was introduced by the General Data Protection Regulation (GDPR) in May 2018. This guidance may also be of assistance to the public at large where concerns arise regarding compliance with the breach notification regime.

This guidance was produced following an analysis of the trends and statistics observed by the Data Protection Commission (DPC) during the first year of the GDPR mandatory breach reporting regime. The statistics and trends analysed covered data breach notifications received in the first year since 25 May 2018, the details of which are set out in a separate information note on breaches trends and statistics published by the DPC.

A Practical Guide to Personal Data Breach Notifications under the GDPR - Full Guidance Note