The General Data Protection Regulation (GDPR) is a broad set of regulations that dictate how a company handles the personal data of citizens within the European Union. Article 33 and 34 of the GDPR outlines the requirements to notify both a supervisory authority and affected data subjects in the event of a data breach. When to report a breach and which authority you should report the incident to are not as clear. Failure to notify a data protection authority of a breach can result of a fine of 10 million or 2 percent of a companys global turnover.”]
Source: https://www.csoonline.com/article/3383244/how-to-report-a-data-breach-under-gdpr.html