Data Breach
A security incident that leads to unauthorized access, disclosure, alteration, or destruction of personal data.
Under GDPR, a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes both deliberate attacks (hacking, ransomware) and accidental incidents (lost laptops, misdirected emails).

When a breach occurs, the controller must: assess the risk to individuals; notify the supervisory authority within 72 hours if the breach poses a risk to individuals' rights and freedoms; notify affected individuals without undue delay if the breach is high-risk; and document the breach and the response.

Under HIPAA, covered entities must notify affected individuals, HHS, and (for breaches affecting 500+ individuals) the media within 60 days.