Data breaches must be reported by the data processor within how many hours if there is a risk to individuals?

The requirement for notifying individuals after a data breach hinges on the time-sensitive nature of potential harm that could arise from such breaches. Under the Data Privacy Act, the data processor must report a breach within 72 hours if there is a risk to individuals. This 72-hour window is crucial because it allows for timely communication to affected individuals, enabling them to take necessary measures to protect themselves from potential risks, such as identity theft or fraud.

Respecting this timeline underscores the importance of quick communication and transparency in data privacy practices, ensuring that individuals are informed and can mitigate adverse effects as soon as possible. The extended deadlines reflected in the other options highlight a less urgent response requirement, which does not align with the proactive approach the law encourages in safeguarding individuals' data privacy rights.