Comment by bflesch 1 day ago This is in breach of the 72hr GDPR notification window 5 comments bflesch Reply fmajid 1 day ago China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...https://privacymatters.dlapiper.com/2025/09/china-new-strict... paulddraper 21 hours ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour. gcbirzan 1 day ago Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses. skeeter2020 1 day ago this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though
fmajid 1 day ago China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...https://privacymatters.dlapiper.com/2025/09/china-new-strict... paulddraper 21 hours ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
paulddraper 21 hours ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
gcbirzan 1 day ago Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses.
skeeter2020 1 day ago this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though
China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:
https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...
https://privacymatters.dlapiper.com/2025/09/china-new-strict...
I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses.
this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though