The definition of a ‘personal data breach’ within the GDPR provides little help to organisations in determining whether or not a breach has occurred. Helpfully, the Guidelines have categorised three types of breach:
The Guidelines rely upon practical examples of problems that could occur in a normal working environment. One example of a data breach which would surprise many organisations is an ‘availability breach’ where a customer’s personal data is unavailable for a certain period of time due to a system shut down.