Complianz Privacy Suite

When to report a data breach?




Popular articles

Redirect Policy URL based on Region

How to redirect your policies based on region Some users might have checked all three regions to enable Complianz’s specific region cookie management. For these

Read More
Share on facebook
Share on twitter
Share on linkedin

Since 2016 businesses are obliged (according to the GDPR) to report certain data breaches. But when is a data breach really necessary to report? Find out in this article.

What is a data breach?

We speak of a data breach when personal data falls into the hands of third parties who should not have access to that data. A data breach is the result of a security problem. The most common data breaches are leaked computer files, although a stolen printed customer list can just as easily constitute a data breach.

Other examples: cyber attacks (including DDos), email sent to wrong addresses, stolen laptops and lost USB sticks.

If a company telephone is lost or stolen, it may be a data breach. If a private telephone is lost, there is no data breach.

When to report a data breach?

So, a data breach occured, but what’s next? Do you always have to report it? The answer is no, only when there are really bad consequences for those involved. This can be the case when:

– personal data of a sensitive nature have leaked. E.g. data on religion or belief, race, political persuasion, health, sexual life, trade union membership or criminal data.

– the nature and extent of the breach lead to (a significant likelihood of) serious adverse consequences for the protection of personal data. You may still need to report the data breach if the nature and extent of the breach is such that it leads to (a considerable risk of) serious consequences for the protection of personal data. This will be the case, for example, where a particularly large amount of personal data of large groups of data subjects has leaked.

– In both cases stated above, you have to report the data breach within 72 hours to the DPA. Some data breaches should be reported not only to the National DPA but also to the individuals to whom the data leaked relates. This is the case if the data breach is likely to have an adverse impact on the privacy of the individuals concerned.

Within the Complianz plugin you can find a data breach inventory which will help you decide whether you need to report your data breach or not!

Related articles

5 Responses

  1. Where can I find anything on your page regarding integration with Contact Form 7? I have activated Contact Form 7 integration but my contact form doesn’t show any GDPR consent checkbox. I have spend hours trying to find anything on the net. Please add a “How to” on your website. This feature is really totally disregarded by you guys. Thanks!

Leave a Reply

Your email address will not be published.


We have released 4.0 for Premium. For more information about and New Features...