GDPR will require a data breach to be reported to the relevant supervisory authorities within 72 hours of the business becoming aware of it. If a business fails to notify the authorities of a breach, it could face a fine of as much as 2% of its turnover or as much as 10 million euros.
The Data Protection Officer (DPO) within the business will have the role of reporting data breaches. However, every department will be expected to have the correct processes in place to ensure that they are alerted should a breach take place.
There will also be an expectation for businesses to report a data breach to the public, depending on its nature and severity – this will have to be carried out with minimal delay.