← All Countries

Bulgaria

Regulatory reporting authorities for incident notification in Bulgaria.

CERT Bulgaria

CSIRT — Cyber Incident Response

NIS2 Art. 23 requires essential and important entities to report significant cyber incidents to their national CSIRT.

Regulation: NIS2 Directive 2022/2555, Art. 23
Deadlines: 24h early warning, 72h notification, 1-month final report
Email: cert@govcert.bg
Website: https://govcert.bg/

Commission for Personal Data Protection

Data Protection Authority

GDPR Art. 33 requires notification of personal data breaches to the supervisory authority within 72 hours. Art. 34 may require notification to affected data subjects.

Regulation: GDPR (Regulation 2016/679), Art. 33-34
Deadline: 72 hours after becoming aware of the breach
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg/

No DORA financial supervisor listed for Bulgaria. DORA applies only to EU financial entities.

Track these deadlines automatically

SiteGuardian pre-fills your reporting contacts, tracks NIS2 and GDPR deadlines, and logs every notification step for audit evidence.

Start monitoring free →

Bulgaria

CERT Bulgaria

Commission for Personal Data Protection

Track these deadlines automatically

Are you sure?