(86) The controller should, without undue delay, inform the data subject of a personal data breach if it is likely to result in a high risk of infringement of the rights or freedoms of the data subject, so as to enable the data subject to take the necessary preventive measures. Such information should include a description of the nature of the personal data protection breach and recommendations for the individual concerned to minimize potential adverse effects. The information should be provided to data subjects as soon as reasonably practicable, in close cooperation with the supervisory authority, respecting guidance provided by the supervisory authority or other relevant authorities, such as law enforcement. For example, the need to minimize the immediate risk of harm will require immediate information to data subjects, while the implementation of appropriate measures against the same or similar data breaches may warrant later information.