Use this button to switch between dark and light mode.

Notifying the Public of a Data Breach or Cyber Attack (GDPR Compliant)

August 11, 2021 (1 min read)

This GDPR-compliant template can be published on an organization’s website or as a press release to let the public know about a data breach or cyberattack. There is no obligation under the EU General Data Protection Regulation (GDPR) to issue a public statement. However, the GDPR provides that where it would involve disproportionate effort to notify affected data subjects individually, such notification is not required, but you must instead issue a public communication or similar measure whereby data subjects are informed in an equally effective manner.


Related Content

  • Rights of Data Subjects Under the General Data Protection Regulation (GDPR)
    Explore requirements and rights provided to individuals (data subjects), as set out in both the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), which remains applicable in the EEA, and the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR), applicable under UK laws and largely based on the EU GDPR.
  • GDPR Compliance Training Presentation
    Use this information to prepare a presentation to train personnel about the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and how to comply with it. 


Practical Guidance Updates

Featuring the latest updates from your Practical Guidance account.   

Experience results today with practical guidance, legal research, and data-driven insights—all in one place.

Experience Lexis+