Developing a GDPR-Ready Incident & Breach 72-Hour Action Plan

Presented by: OneTrust


Under the GDPR, controllers are now required to notify their supervisory authority when a personal data breach occurs, unless it is unlikely to result in risks to the rights and freedoms of individuals. The notification must be made without undue delay, and no later than 72 hours after the controller has become aware of the breach (with some exceptions). It is crucial for privacy practitioners to understand the details of this tight timeline as well as the risk-based trigger, and what they entail. In this session, Tim Van Baelen, Advisor at KPMG, and Joris Weyn, Senior Manager at KPMG, review the personal data breach rules under the GDPR and provide tips to help you map out a 72-hour personal data breach action plan.
