Where to notify a personal data breach?
Ransomware, malware, hacking and phishing … all phenomena that organisations are facing on a large scale. Data breaches are here to stay in our highly digitised world, and both large and small organisations have to deal with them. Even organisations that have far-reaching security policies in place can be affected, whether it comes from a crafty cybercriminal or a small mistake by an employee. The question is not whether an organisation will be affected, but rather when.
Data breaches under the GDPR should be reported to the Supervisory Authority. When it comes to complex corporate structures that cross national borders, it is not always easy to ascertain to which Supervisory Authority exactly a data breach should be notified. Lydian's Information Governance & Data Protection (Privacy) team therefore put together the attached practical flow chart to help you answer this question.