You would use this internally, in accordance with your policies, so that staff can report a data breach to the designated Data Protection Officer (or whoever is designated to look after privacy matters), and to capture the information that the Data Protection Officer requires and/or that the supervisory authority may request.

A personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” (Article 4(12))

A Data Processor must report breaches to the Data Controller ‘without undue delay after becoming aware of a breach’ (Article 33). The Data Controller must in turn inform the supervisory authority of a personal data breach within 72 hours where ‘the breach is likely to result in a risk for the rights and freedoms of natural persons’ (Article 34).

Data subjects must be informed of breaches without undue delay where the breach is likely to result in a high risk to the data subject’s rights and freedoms unless:

  • the data has been rendered unintelligible to any third party (for example by encryption);
  • the data controller has taken steps to ensure the high risk is unlikely to materialise; or
  • it would involve disproportionate effort to inform data subjects individually, in which case a public announcement can be made.
