Re: GDPR
"The GDPR requires you to alert the relevant regulatory authorities of any data breach"
Unfortunately, it doesn't. There's an element of discretion available to the data controller: "... unless the controller is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons" (Recital 85, Article 33.1). The lack of clear criteria for assessing relevant natures and levels of risk is one of the Regulation's major weaknesses.