GDPR regulations imposed on the institutions and companies a duty of reporting of breach together with information about possible risks. Depending on the level of the breach, the incident must be reported to UODO at the first stage. If the breach is characterized by a high level, the organization or a company must inform a person whose personal data has been infringed – explains Artur Piechocki on money.pl