The 72-hour rule
Art. 33 GDPR requires that a personal data breach be notified to the competent supervisory authority within 72 hours of becoming aware of it — unless the breach is unlikely to result in a risk to individuals' rights and freedoms. This is a tight window, and the notification must be substantive. AGIDAT helps you respond correctly and on time.
Immediate response support
- Incident assessment — does this breach require notification? To whom?
- Risk assessment — what is the risk to affected individuals?
- Supervisory authority notification — drafting and submitting the Art. 33 GDPR notification
- Individual notification — drafting the Art. 34 GDPR communication to affected persons
- Incident documentation — mandatory internal breach log per Art. 33(5) GDPR
- Coordination with IT and legal — structured incident response
Preparation is key
The best time to prepare for a data breach is before it happens. We help you establish a breach response procedure so that when an incident occurs, your team knows exactly who does what and when — minimizing response time and regulatory risk.