Under the GDPR, data controllers are required to notify their supervisory authority when a personal data breach occurs, unless the breach is unlikely to result in risks to the rights and freedoms of individuals. The notification must be made without undue delay and no later than 72 hours after the controller has become aware of the breach (with some exceptions). It is crucial for organizations to understand their obligations, the details of this tight timeline, and the risk-based triggers and what they entail. In this session, we’ll review the personal data breach rules under the GDPR and provide tips to help you map out a 72-hour personal data breach action plan.

• Understand the implications of the GDPR for controllers and processors

• Map out a GDPR-ready 72-hour personal data breach action plan

• Outline the details of this tight timeline as well as the risk-based triggers and what they entail

• Implement efficient and effective data handling practices in the face of new GDPR requirements

Hugo Woog
CIPP & Privacy Engineer @ OneTrust