You report a breach of GDPR to the relevant supervisory authority within 72 hours of the breach. You can find contact information for supervisory authorities in the European Data Protection Board directory. Notify users affected by the breach as soon as possible.
A breach notification to the supervisory authority should describe:
- the number of users affected
- consequences of the breach
- the actions taken to mitigate the consequences
- the contact details of your data protection officer