Reporting a GDPR Breach: Who to Inform and How

Arpan Nanavati

Learn who to report a GDPR breach to and how to do it, including what information to include in a breach report and what happens after reporting a breach.

Save 90% on your legal bills

Start Today

As a data controller or processor, it's essential to know who to report a breach of GDPR to. In this article, we'll guide you through the process of reporting a GDPR breach, including who to inform and how to do it.

The General Data Protection Regulation (GDPR) is a set of rules designed to protect the personal data of individuals within the European Union (EU). If a breach occurs, it's crucial to report it to the relevant authorities to ensure compliance with the regulation.

In this article, we'll cover:

  • Who to report a GDPR breach to
  • How to report a GDPR breach
  • What to include in a GDPR breach report
  • What happens after reporting a GDPR breach

Who to Report a GDPR Breach To

According to Article 33 of the GDPR, data controllers and processors must report a breach to the relevant supervisory authority within 72 hours of becoming aware of the breach. The supervisory authority is responsible for overseeing the implementation of the GDPR and ensuring compliance with the regulation.

In the EU, there are 28 supervisory authorities, one for each member state. You can find the contact information for your local supervisory authority on the European Data Protection Board's website.

How to Report a GDPR Breach

When reporting a GDPR breach, you'll need to provide the supervisory authority with the following information:

  • A description of the breach, including the nature and extent of the breach
  • The categories and approximate number of individuals affected by the breach
  • The likely consequences of the breach
  • The measures taken to address the breach
  • The measures taken to prevent future breaches

What to Include in a GDPR Breach Report

When reporting a GDPR breach, you'll need to provide the supervisory authority with a detailed report that includes the following information:

  • A description of the breach, including the nature and extent of the breach
  • The categories and approximate number of individuals affected by the breach
  • The likely consequences of the breach
  • The measures taken to address the breach
  • The measures taken to prevent future breaches

What Happens After Reporting a GDPR Breach

After reporting a GDPR breach, the supervisory authority will investigate the breach and take appropriate action. This may include:

  • Notifying the individuals affected by the breach
  • Imposing fines or penalties on the data controller or processor
  • Requiring the data controller or processor to take corrective action

Conclusion

Reporting a GDPR breach is a critical step in ensuring compliance with the regulation. By following the guidelines outlined in this article, you can ensure that you're reporting a breach correctly and minimizing the risk of penalties or fines.

Legal help, anytime and anywhere

Join launch list and get access to Cimphony for a discounted early bird price, Cimphony goes live in 7 days
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Unlimited all-inclusive to achieve maximum returns
$399
$299
one time lifetime price
Access to all contract drafting
Unlimited user accounts
Unlimited contract analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial
For a small company that wants to show what it's worth.
$29
$19
Per User / Per month
10 contracts drafting
5 User accounts
3 contracts analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial
Free start for your project on our platform.
$19
$9
Per User / Per Month
1 contract draft
1 User account
3 contracts analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial
Lifetime unlimited
Unlimited all-inclusive to achieve maximum returns
$999
$699
one time lifetime price

6 plans remaining at this price
Access to all legal document creation
Unlimited user accounts
Unlimited document analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial
Monthly
For a company that wants to show what it's worth.
$99
$79
Per User / Per month
10 document drafting
5 User accounts
3 document analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial
Base
Business owners starting on our platform.
$69
$49
Per User / Per Month
1 document draft
1 User account
3 document analyze, review
Access to all editing blocks
e-Sign within seconds
Start 14 Days Free Trial

Save 90% on your legal bills

Start Today
Services
Company FormationEmployment / HRCommercial ContractsAssistantFundraise Wills, Trust & Estate plan
Industries
SMBsStartupsLegal TeamsLaw Firms
Resources
Contact usBlogDocumentsTerms of servicePrivacy policyAffiliate ProgramCompliance Audit
© 2025 Cimphony AI, Inc | All Rights Reserved

Cimphony P.C. is a registered law firm in the state of Pennsylvania. Cimphony AI, Inc. is a non-law corporation incorporated under the laws of the State of Delaware. Legal services are provided exclusively by Cimphony P.C. and require both an onboarding call and a signed engagement letter. Self-help services are offered by Cimphony AI, Inc., which is not a law firm, does not provide legal advice, and is not a substitute for an attorney. All content on our website and communications via email, chat, social media, or other channels are for informational and educational purposes only