Q&As

When does the 72–hour time limit for notifying the ICO of a data breach come into force and start to run?

read titleRead full title
Published on LexisPSL on 06/06/2018

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • When does the 72–hour time limit for notifying the ICO of a data breach come into force and start to run?

Article 33 of the General Data Protection Regulation (GDPR), which imposes data breach notification requirements, came into force on 25 May 2018. The requirement to notify the Information Commissioner's Office (ICO) of a data breach therefore came into force on 25 May 2018. The precise wording is as follows:

‘In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent…unless the personal data breach is unlikely to result in a risk to the rights and

Related documents:

Popular documents