Personal data breaches – how to respond in 2026?

The growing number of cyberattacks and of incidents caused by human error means that personal data breaches remain one of the most significant challenges for data controllers. Under the GDPR, each breach must be assessed for the risk it poses to the rights and freedoms of the individuals concerned and, unless it is unlikely to result in such a risk, reported to the supervisory authority within 72 hours of the controller becoming aware of it.
Not every breach requires notification, but every breach must be documented, including the facts, its effects and the remedial action taken, so that the supervisory authority can verify compliance. In practice, this means maintaining a breach register, implementing incident response procedures, and conducting regular employee training. The most common incidents include emails sent to the wrong recipient, loss of company devices, and unauthorized access to IT systems.
The role of the DPO is not limited to supporting breach assessment; it also involves fostering a culture of information security within the organization. An effective response combines prompt action, a reliable risk assessment, and transparent communication with the affected individuals, which becomes mandatory where the breach is likely to result in a high risk to them.