
Notification content and internal breach register

Incomplete notifications trigger follow-up questions. This is part 3 of our data breach help route.


Part 3: notification content and internal register.

DPA notification

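The notification to the data protection authority (DPA) should include the cause, the data involved, the individuals affected, the consequences, the measures taken, any other parties involved, and whether the individuals were informed.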

Data subjects

Use plain language and cover the nature of the breach, a contact point, the consequences, and the measures taken.

Internal register (all breaches)

  • Discovery and incident timestamps
  • Description and consequences
  • Measures and reporting flags (DPA, individuals, DPO)
  • Parties involved and owner of record


Key takeaways

  • DPA form: cause, scope, data, individuals, consequences, measures, chain.
  • Data subjects: nature, contact point, consequences, mitigation.
  • Internal register mandatory for all breaches under GDPR.
  • Register fields support lessons learned and ISO evidence.
