
Data Breach Notifications

A data breach occurs when information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways, and the GDPR and California law (the CCPA together with the state's existing breach-notification statute) set out specific obligations that businesses must follow when one occurs.

What Is a Data Breach?

Put simply, a data breach occurs when information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. Globally, the average total cost of a data breach to a company is $3.86 million, according to a study by the Ponemon Institute.

When a data breach occurs, the GDPR and California law set out specific obligations that businesses must follow. Under Article 33 of the GDPR, the controller must notify the competent supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. The clock runs from awareness of the breach, not from its occurrence, and a late notification must be accompanied by reasons for the delay. Where the breach is likely to result in a high risk to individuals, Article 34 additionally requires communicating it to the affected data subjects without undue delay.

How Does the Law Define a Data Breach?

Article 4(12) of the GDPR defines a personal data breach as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” Note that this covers more than unauthorized access: accidental loss or destruction of personal data (for example, a lost unencrypted laptop or a ransomware incident that makes data unavailable) is also a breach. Once an organization becomes aware of an incident that meets this definition, the reporting process begins.

What Is the Proper Reporting Protocol in the Case of a Data Breach?

If an organization suffers a personal data breach, its notification to the supervisory authority must, as stated in Article 33(3) of the GDPR, at least do the following (where the information is not all available at once, it may be provided in phases without undue further delay; and under Article 33(5) the controller must document every breach, including those it decides not to notify, so that the supervisory authority can verify compliance):

  1. Describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  2. Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  3. Describe the likely consequences of the personal data breach;
  4. Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Are There Major Differences in Data Breach Reporting Policy Between GDPR and the CCPA?

Not fundamentally, no. Both regimes impose breach-notification obligations: the GDPR protects data subjects in the EU, and California law protects California residents. The differences lie in who must be notified and when.

There are a few notable differences in notification policy between the two regimes. The GDPR requires notification to the supervisory authority, defined in Article 55 as the authority of the member state concerned, and, where the risk is high, to the affected individuals. In California, the notification obligations come from the state's Data Breach Notification Law (Civil Code §1798.82), which predates the CCPA: it requires businesses to notify affected California residents in the most expedient time possible and without unreasonable delay, and to send a sample copy of the notice to the California Attorney General when more than 500 residents are affected. The CCPA did not replace this preexisting framework; it built on it, most notably by giving consumers a private right of action when a breach results from a business's failure to maintain reasonable security procedures.
