GDPR is the General Data Protection Regulation
A person whose personal information is held by a company or other organisation subject to GDPR. The person must be resident within the EU and/or be an EU citizen.
General Data Protection Regulation - Business as Usual
Normally taken to mean that an organisation has ensured its staff have received the requisite GDPR training and that they now have approved procedures in place to ensure that post GDPR they can continue with business as usual.
Personally Identifiable Information
Any item of information, that on its own, or when combined with other information, could identify an individual citizen within the EU/UK/EEA.
On a simple level, your first name and last name could be regarded as personally identifiable information, but it also spreads much wider to include items like your photograph, your National Insurance number, your address, your email address etc.
An unauthorised access to the personally identifiable information relating to a data subject.
A data breach may either be deliberate, for example, someone hacking into your computer system or webserver, or a phishing attack, to something as simple as putting the wrong invoice in the wrong envelope so that someone now has unauthorised access to another person's account details.