Data Breach Notification Obligation
Meldepflicht bei Datenpannen
The data breach notification obligation requires companies to report a personal data breach to the competent supervisory authority within 72 hours if there is a risk to the rights of the affected individuals — those individuals must also be informed if the risk is high.
Source: gdpr-info.eu — Art. 33 GDPR, notification of a data breach