Required to Notify The PDPC

Your organisation’s data breach should be notifiable to the PDPC as soon as practicable, but in any case, no later than three (3) calendar days. Any unreasonable delays in notifying the relevant parties will be a breach of the Data Breach Notification Obligation. Organisations must notify affected individuals as soon as practicable, at the same time or after notifying the PDPC.

Please refer to our Guide to Managing and Notifying Data Breaches under the PDPA for more information.