Comment by bflesch 2 months ago This is in breach of the 72hr GDPR notification window 5 comments bflesch Reply fmajid 2 months ago China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...https://privacymatters.dlapiper.com/2025/09/china-new-strict... paulddraper 2 months ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour. gcbirzan 2 months ago Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses. skeeter2020 2 months ago this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though
fmajid 2 months ago China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...https://privacymatters.dlapiper.com/2025/09/china-new-strict... paulddraper 2 months ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
paulddraper 2 months ago I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
gcbirzan 2 months ago Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses.
skeeter2020 2 months ago this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though
China’s is even more stringent at 4 hours, down to 1 hour for high-severity incidents:
https://www.theregister.com/2025/09/16/china_1hour_cyber_rep...
https://privacymatters.dlapiper.com/2025/09/china-new-strict...
I am very impressed by those who can assess the scope and consequences within 4 hours, let alone 1 hour.
Only the supervisory authorities are required to be informed in 72 hour, and even there, it's not a hard rule, you can have excuses.
this is for the regulator or governing body, not public. Most big clients will have an explicit reporting window in their contract though