(87) Ensure that all appropriate technical protection measures and all appropriate organizational measures have been implemented to immediately identify the personal data breach and promptly notify the supervisory authority and the data subject. Whether notification was made without undue delay should be determined taking into account, in particular, the nature and gravity of the personal data protection breach, its consequences and adverse effects on the data subject. Such notification may result in the intervention of the supervisory authority, in accordance with its tasks and powers set forth in this Regulation.