Personal Data Breach Response
Legal basis: GDPR Arts. 33–34
PurposeA personal data breach must be notified to the AEPD without undue delay and, where feasible, within 72 hours; where it entails a high risk, it must also be communicated to data subjects. We provide the procedure, the breach register and on-call incident support.
What it includes
- Response playbook and breach register
- 72-hour notification to the AEPD
- Communication to data subjects, if applicable
Deliverables
- Breach-response playbook
- Breach register template
- Incident support and draft AEPD notification
Intended forOrganisations that process personal data and need incident-response capability.