Incident and Breach Reporting
Under the GDPR, in case of a personal data breach, the controller must, where feasible, notify the supervisory authority of the personal data breach within 72 hours after having become aware of it. In addition, if the personal data breach is likely to result in a high risk to the rights and freedoms of people, the controller must communicate the personal data breach to the people affected.
Bizoneo assists with the documentation of incidents and their assessment as potential breaches:
- Document any data-protection related incident;
- Assess if the incident should be escalated as a personal data breach;
- Document the type of data affected;
- Assess if the personal data breach should be reported to the supervisory authority;
- Assess if the personal data breach should be communicated to the people affected;
- Document the decision;
- Document the actions taken to mitigate the incident or the breach;
- Document the actions taken to prevent such an incident from recurring;
- Cross-reference the affected processing activity;
- Cross-reference the affected digital assets;
- Export incident and breach reports in standard office formats.