Data breach notification (Hungarian NAIH 72 hours)
Related service Cybersecurity
DEFINITION
Under GDPR, every business must report personal-data breaches (unauthorised disclosure, destruction, alteration) to NAIH within 72 hours — through Hungary's adatvedelem.hu portal. Reporting is mandatory if the risk to data subjects is high. Must include: what happened, when, which data was affected, what damage could result. Late notification = separate fine. Under NIS2, certain businesses must report cybersecurity incidents within 24 hours to NBSZ NKI. Building a custom incident-notification flow: €1.5-4k.
- Threat model→
A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
- Penetration test (pentest)→
Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
- DevSecOps→
Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
- MFA (Multi-factor auth)→
Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today · enterprise procurement disqualifies you without it.
- SOC 2→
A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6–12 months of observation) is the standard enterprise baseline.
- ISO 27001→
International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.
- 0109 May 2026Building a SaaS in Hungary · 2026 regulatory + tax checklist→
- 0209 May 2026EU AI Act compliance for Hungarian startups · 2026 founder's guide→
- 0309 May 2026Cybersecurity audit cost in Hungary · 2026 benchmarks→
- 0409 May 2026Web development agency rates in Budapest · 2026 transparency report→
- 0509 May 2026Hiring an AI development team in Budapest · 2026 founder's guide→
- 0606 May 2026EdTech and GDPR · how to handle student data without panic in 2026→
- 0730 Apr 2026Cybersecurity audit pricing in 2026 · what €5k, €18k and €60k actually cover→
- 0829 Apr 2026NIS2 readiness for EU SaaS · the 90-day playbook→