The EU has implemented a new law, the General Data Protection Regulation (GDPR), so that all individuals and companies operating in the EU are able to remain safe and protected. It is one of the most critical data privacy regulations developed in recent times. GDPR came into force in May 2018, and companies have to comply with the rules and guidelines it provides. According to Article 33 of GDPR, if a company comes to know that its data has been attacked and breached, it is legally responsible for not withholding or delaying this information from the authorities; rather, it should report it as soon as possible. The article states that a company is obligated to report a data breach within 72 hours. If the data breach does not concern the rights and freedoms of natural persons, then the company has no obligation to notify it. Moreover, if a company has taken longer than 72 hours to notify the authorities, it must explain the reasons for the delay.
It is clearly stated that a data breach should be reported as early as possible and, under GDPR rules, should not exceed the limit of 72 hours. If a delay was made for genuine and considerable reasons, those reasons can be shared with the GDPR authorities. However, if a company is found guilty of delaying the report of a data breach without any considerable reason, GDPR imposes heavy fines on the company. Before a penalty or fine is imposed, each case is analyzed individually. If a severe data breach has occurred, the fine can reach up to €20m; in less severe cases that have not had any significant impact, the penalty can be around €10m. It is therefore crucial for companies to follow the rules and guidelines provided by GDPR; otherwise they must be ready for strict action against them.