Under GDPR, organizations are required to report a personal data breach to the supervisory authority within: