

GDPR 72 Hour Data Breach Notifications

 
Article 33 of the GDPR requires data controllers to provide notification of a data breach without undue delay and not later than 72 hours after becoming aware of it. Delayed notifications must be accompanied by an explanation of the reasons for the delay.

The breach notification must include the nature of the breach, the approximate number of data subjects concerned, the category or approximate number of data records, the likely consequences of the breach, the measures taken to mitigate its adverse effects, and the name and contact details of the data protection officer (or DPO as a service).

Breach notification laws have been around for over 15 years and many organizations are familiar with the hassle of inconsistent rules and divergent timelines for notice obligations. GDPR raises the bar yet again through the 72-hour mandate for notice to supervisory authorities. Beyond the mechanics of legal obligations, organizations have long known that a primary point of loss often results from the processors and other third parties that have access to their consumer data.


Of course, for GDPR-focused organizations, it is impossible to meet the 72-hour timeline for notification to supervisory authorities without having detailed knowledge about the identity of all third parties. Privacy and compliance teams may hear about a particular breach, but unless they know which elements of their consumer information have been shared with the impacted vendor, they will not be able to ask the right questions or satisfy the various deadlines for notice in applicable law. For GDPR and other breach notice laws, delayed notifications must be accompanied by an explanation of the reasons for the delay, and lack of proper third-party management is hardly an acceptable reason for failure to meet regulatory deadlines.

Contact Clarip Today for Help with CCPA and GDPR

The Clarip team and data privacy software are prepared to help your organization improve its privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.

If your challenge right now is CCPA compliance for your California operations, allow us to show you our CCPA software. From consent management software that offers the option to opt out of the sale of personal data, to a powerful DSAR Portal to facilitate the right to access and delete, Clarip offers enterprise privacy management at an affordable price.

If you are preparing your European operations for GDPR compliance, we can help through our modular GDPR software. Whether you are looking to start the process with GDPR data mapping software, increase automation in your privacy program with DPIA software, or handle ePrivacy with a cookie consent manager, Clarip has the privacy platform that you need to bolster your program.
