Quick Guide to GDPR Breach Notifications

This quick guide is intended primarily to help controllers better understand their obligations regarding notification and communication requirements, covering both notification to the DPC and communication to data subjects, where applicable.

The key questions covered below should give an overview of the GDPR breach notification regime, to assist controllers in understanding their basic obligations under this regime. Information on breach notifications, as well as the link to the breach notification form, can also be found on our breach notification page.

There are two primary obligations on controllers under this regime: (a) notification of any personal data breach to the DPC, unless they can demonstrate it is unlikely to result in a risk to data subjects; and (b) communication of that breach to data subjects, where the breach is likely to result in a high risk to data subjects. It is of utmost importance that controllers understand and comply with both of these obligations.

Quick Guide to GDPR Breach Notifications: Full Guidance Note