GDPR - EUIDPR: In case of a personal data breach, the controller must, where feasible, notify the personal data breach to the supervisory authority within 72 hours after having become aware of it. In addition, if the personal data breach is likely to result in a high risk to the rights and freedoms of people, the controller must communicate the personal data breach to the people affected.
ISMS - PIMS: It can be implemented as a control (ISO 27001 A.16.1.2, NIST CSF RS, PCI-DSS 12.10).
Bizoneo assists with documenting incidents and assessing them as potential breaches.