← Full glossary
Personal data breach
A security incident leading to the accidental or unlawful destruction, loss, alteration or unauthorised access to personal data — for example an email sent to the wrong recipient, a lost laptop or a hacking attack. A breach must as a rule be notified to the data protection authority within 72 hours, unless it is unlikely to pose a risk to data subjects. If the risk is high, the affected individuals must also be informed. Every breach — including those not notified — must be documented in an internal log.
Related module