Article 33 of the GDPR requires every organisation to report data breaches to the Data Protection Authority (DPA) within 72 hours after discovery. This same article requires you to keep a record of all security incidents and data breaches that have occurred in your organisation. Additionally, Article 34 of the GDPR states that you have to inform the data subjects about the data breach when it is likely that the data breach will result in a high risk to their privacy.
Privacy Nexus guides you through this process of handling incidents, from the first mention of the incident to handling the outcome, all to help you report a data breach to the Data Protection Authority within that 72-hour deadline.
Using a concise questionnaire, Privacy Nexus helps you collect all the information you need to properly assess whether an incident is a data breach or not and what steps you have to take next.
In case you are dealing with a possible data breach, Privacy Nexus will help you determine the impact and scope of the data breach, whether and what you should report to the Data Protection Authority and whether you need to inform the data subjects.
Using the information you have collected, Privacy Nexus gives you a way to record all the measures that need to be taken in order to conclude the incident, with an easy to-do list. This incorporates:
Once everything on the to-do list is marked as complete, you are able to conclude the incident. This indicates that you have done everything in your power to mitigate the incident and you will take no further action in relation to this incident.
Lastly, a timeline shows how you’ve progressed while handling the data breach. This also provides you with a clear audit trail in case the DPA wants to know how you handled a certain incident.