Since the GDPR came into effect in 2018, organisations are required "without undue delay and, where feasible, not later than 72 hours after becoming aware of it, notify the personal data breach to the supervisory authority". Reacting in such a short time frame calls for a robust response plan, particularly in a cloud environment. This talk will give an overview of the challenges of meeting the requirements of the GDPR while at the same time providing insights into how organisations can ensure they respond effectively and efficiently.