What is a personal data breach?

A personal data breach is a security incident in which confidential, private, protected, or sensitive information is accessed without the informed consent of the individuals who are the subjects of the data. Article 4 of the GDPR defines it as “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

A breach can occur due to an unintentional error or an intentional attack by cybercriminals. It can affect anyone who has provided personal information (i.e., data subjects) and anyone who has collected and stored it (i.e., data controllers and data processors). As per Article 33 of the GDPR, data controllers must report any breach to the proper supervisory authority within 72 hours of becoming aware of it.