Part 1: first actions after discovering a possible personal data breach.
What is a breach?
A security incident leading to destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data. Not every cyber incident is a GDPR breach — document your assessment.
Immediate steps
- Contain and preserve logs
- Start the 72-hour DPA notification clock at the moment of awareness
- Assemble crisis team (management, security, DPO, comms)
- Assess data categories and individuals affected
- Defer external messages until aligned