What must occur in the event of a data breach?

In the context of a data breach, it is essential that the data processor notifies both the data controller and the relevant supervisory authority. This requirement ensures that all parties involved are aware of the breach and can take appropriate actions to mitigate any potential harm. The data controller, being responsible for the data, needs this information to assess the impact on affected individuals and determine the necessary steps for compliance with legal obligations.

Notifying the relevant supervisory authority is also critical because it allows the governing body to monitor the breach's circumstances and ensure that regulatory requirements are met. This approach promotes transparency and accountability within organizations that handle personal data.

The other options do not fully capture the legal obligations required following a data breach. For instance, while it is important for data subjects to be informed, the responsibility primarily lies with both the data processor and controller to ensure proper compliance with data protection regulations.