Incident and Breach Reporting

GDPR - EUIDPR: In case of a personal data breach, the controller must, where feasible, notify the supervisory authority of the breach within 72 hours of becoming aware of it. In addition, if the personal data breach is likely to result in a high risk to the rights and freedoms of people, the controller must communicate the breach to the people affected.

DORA: Financial entities must define, establish, and implement an ICT-related incident management process that covers the effective management and notification of ICT-related incidents. Bizoneo's incident tracking can help identify, track, log, categorise, and classify ICT-related incidents.

ISMS - PIMS: Incident and breach reporting can be implemented as a control (ISO 27001 A.16.1.2, NIST CSF RS, PCI-DSS 12.10).

Bizoneo assists with documenting incidents and assessing whether they amount to a potential breach.

Key Features

Incident reporting

  • Document any data protection related incident;
  • Assess if the incident should be escalated as a personal data breach;

Breach handling

  • Document the type of data affected;
  • Assess if the personal data breach should be reported to the supervisory authority;
  • Assess if the personal data breach should be communicated to the people affected;
  • Document the decision; 


  • Document the actions taken to mitigate the incident or the breach;
  • Document the actions taken to prevent such incidents from recurring;

In-depth assessment

  • Cross-reference the affected processing activity;
  • Cross-reference the affected assets;


  • Dashboard;
  • Export of incident and breach reports in standard Office formats;
