It’s part of GDPR. I’ve been given training on it at all (3) companies I’ve worked for and training has always included what constitutes a breach and what to do.

I would hope any company would treat it as an incident rather than just a bug where senior enough folks would be involved to know what their responsibilities are.