GDPR procedure: Data Breach Response and Notification Procedure

If we suffer a data breach, we will follow the procedure below, and you will be notified of the result of the assessment within a week.

Measures to follow:

  1. Lockdown of service: possible downtime for the web app(s)

  2. Assessment of how the breach happened by analysis on the servers

    1. We will detail whether the breach happened as a result of an attack or of bugs in the code

  3. Assessment of which private data was involved in the incident

  4. Assessment of the remediation

  5. Alerting of the end users, within a week, about the incident (point 3) and the remediation (point 4)

  6. Write-up in the data breach register, alerting of the authorities

 

Templates for the alerts in points 5 and 6 can be found on the DPC shared drive (accessible only to DPC).