| ▲ | bflesch 2 hours ago |
| If Mixpanel is subprocessor of GDPR'd data from OpenAI, OpenAI is obliged to notify affected European customers about the data breach within 72hrs. |
|
| ▲ | jacquesm 2 hours ago | parent [-] |
| Correct. And they're already out of that window. |
| |
| ▲ | spacebanana7 an hour ago | parent [-] | | I wonder whether OpenAI could be okay if they themselves weren't notified within 72hrs. | | |
| ▲ | jacquesm 39 minutes ago | parent [-] | | Typically: yes. The clock starts ticking the moment you or anybody within your organization becomes aware of the breach. Three days is plenty. It even gives you time to consult your lawyers if you are not sure if a breach is reportable or not, but you could always do a provisional which gives you a way to back out later. |
|
|
