Ransomwares and other kind of malwares are waiting the first weakness of your IT systems to attack. Nearly every week, a new data breach is mentioned in the press, tarnishing the affected company's reputation. The GDPR requires data controllers to notify such personal data breach to the competent data protection authority and, as the case may be, to the data subjects. The Article 29 Working Party (WP 29) has published draft guidelines (open for comments until 28 November 2017) in order to clarify the scope of this new obligation.