How long do data controllers have to notify data protection authorities of a data breach?


Study for the Salesforce Marketing Cloud Associate Certification Exam. Engage with interactive questions, hints, and elaborate explanations. Prepare effectively for your certification journey!

The requirement for data controllers to notify data protection authorities of a data breach is stipulated under regulations such as the General Data Protection Regulation (GDPR). According to these regulations, data controllers are mandated to report any personal data breach to the relevant supervisory authority within 72 hours of becoming aware of it, provided that the breach is likely to result in a risk to the rights and freedoms of individuals.

This 72-hour window emphasizes the importance of timely action in the event of a data breach, as it allows authorities to take necessary measures to mitigate potential damage and protect individuals impacted by the breach. The goal is to ensure transparency and accountability in the handling of data breaches, reinforcing the protection of personal data rights for individuals.

The 24-hour timeframe is insufficient for most organizations to properly assess the breach and gather the information required for reporting. A period longer than 72 hours, such as one week or 30 days, would potentially delay essential protective measures and increase the risk to affected individuals, and so is not compliant with the regulatory requirements.