skip to main content


This report outlines Ovum's view of how organizations should respond to the challenge of the data breach reporting requirements within the EU General Data Protection Regulation (GDPR) Articles 33/34.


  • Financial penalties are not the only negative consequence of breaches of personal data. Data breaches (and often the attendant publicity) erode citizens’ trust in organizations, and when reputations and brand value are affected, the impact is commonly felt at executive level.
  • The function responsible for data breach reporting should maintain ongoing readiness to activate fast, accurate breach assessment and reporting at short notice, in a way that is fully compliant and has cross-organizational agreement.

Features and Benefits

  • Details how different organizational functions should support data breach reporting.
  • Details functional features that should be evaluated within solutions that may support data breach reporting.
  • Illustrates how organizational investment plans are being affected by the need to deal with GDPR requirements.

Key questions answered

  • What does my organization have to consider in formulating its approach to data breach reporting under GDPR?
  • How might we use software solutions to support this key requirement?
  • What kind of features should we look for in a solution to support GDPR data breach reporting?

Table of contents

Ovum view

  • Summary
  • Breaches of GDPR-regulated data represent a substantial risk to organizations
  • Organizational capabilities must be aligned and integrated with breach reporting obligations
  • Solution requirements are likely to reflect a wide range of activities to prepare for breach reporting
  • Strong data governance capabilities must underpin breach reporting


  • Further reading
  • Author