A breach is an event that results in deletion or alteration of your personal data, or unauthorised access or disclosure.
Examples of breaches include:
- hacking of an social network by outsiders and publication of photographs taken by you on a publically accessible website
- malicious changes to information about you by disgruntled employees
- accidental changes to information about you as a result of computer system error
An organisation has a legal duty to report a data breach to the supervisory authority if the effect of the breach of your data is likely to harm significantly your economic or social position. The notification must take place within 72 hours.
Whether an event is significant enough to be a breach is subjective. The organisation may not agree with you about whether a breach occurred.
The risk to your wellbeing must be much higher for the organisation to have to tell you about a breach. You must be notified immediately.