Data is “available” if it is accessible when needed by the organization or data subject. GDPR requires that an organization be able to ensure the availability of personal data and have the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident. Lack of availability of the personal data may constitute a personal data breach.
