Can be defined as any security incident that affects the confidentiality, integrity or availability of personal data. Therefore a data breach, for example, can occur every time data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware or accidentally lost or destroyed.
Personal data breach is defined in Art. 4 (12) GDPR:
“Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”