According to GDPR Policy, how quickly must breaches be reported once a company is aware of the incident?

Under the General Data Protection Regulation (GDPR), organizations are mandated to report any personal data breach to the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. This requirement aims to ensure that privacy and personal data protection are upheld, and it allows for timely action to mitigate any potential harm resulting from the breach.

Meeting this 72-hour threshold gives authorities and organizations the opportunity to address the breach effectively, thus safeguarding affected individuals' rights and personal data. This provision underscores the importance of having robust incident response plans and being prepared to act swiftly when data breaches occur.