nerdexam
(ISC)2

CISSP · Question #727

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?

The correct answer is C. 72 hours. Under the General Data Protection Regulation (GDPR), the maximum amount of time allowed for reporting a personal data breach is 72 hours. This means that organizations must notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, unle

Submitted by klara.se· Mar 5, 2026Security and Risk Management

Question

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?

Options

  • A24 hours
  • B48 hours
  • C72 hours
  • D96 hours

How the community answered

(42 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    95% (40)

Explanation

Under the General Data Protection Regulation (GDPR), the maximum amount of time allowed for reporting a personal data breach is 72 hours. This means that organizations must notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.

Topics

#GDPR#data breach notification#regulatory compliance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice