A supervisory authority is a public authority in charge of supervising the application of GDPR. Each EU Member State has a supervisory authority.
The GDPR requires data controllers to report personal data breaches to the relevant supervisory authority, where the breach presents a risk to the affected individuals.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
In the case of a personal data breach, you must without undue delay and, where feasible no later than 72 hours after having become aware of it, notify the personal data breach to the Supervisory Authority, unless the personal data breach is unlikely to present a risk to the affected individuals
The competent supervisory authority is the authority that is located in the state of your company’s headquarters. You can find the contact details of the different national authorities on the website of the European Data Protection Board.