What is a 'data breach' under GDPR?

A 'data breach' under the General Data Protection Regulation (GDPR) refers specifically to a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data. Therefore, the option indicating a breach of security resulting in data issues encompasses all potential scenarios that can harm the integrity and confidentiality of personal data.

This definition recognizes that a data breach is not limited to incidents of theft or single forms of data exposure; rather, it includes a wide range of potential security failures that threaten personal data, regardless of whether data has been physically stolen or simply compromised.

The other options present narrower or incorrect interpretations. For instance, unauthorized physical access to files describes a specific scenario but does not encompass the broader range of incidents that can constitute a data breach as outlined by the GDPR. Similarly, selling data without consent could be a violation of GDPR principles, but it does not inherently qualify as a data breach unless it involves a security failure. Lastly, noting only data theft incidents inaccurately limits the concept of a data breach, as it excludes other possible scenarios where data can be compromised without necessarily being stolen.