A personal data breach is a breach of security resulting in the destruction, loss, alteration or unauthorized disclosure of personal data.
According to Article 33 of the GDPR, as a processor, you must notify controllers of any personal data breach as soon as possible after becoming aware of it and offer your assistance to assess the impacts on data subjects’ lives.
On the basis of this notification, controllers will have to notify the data breach to the competent supervisory authority under the conditions of Article 33 of the GDPR and communicate to data subjects such a breach under the conditions of Article 34 of the GDPR.