The assessment of a data breach determines whether you need to notify the supervisory authority and the data subjects.
In this article
Track notifications related to data breaches
Prerequisite: Have the following permission: Access to Data Breach page.
Assess a data breach
Before evaluating the breach, we recommend that you describe it. Its description helps you to define its potential consequences and risks.
- In the navigation menu, click on Personal Data Breach .
- Select the data breach to assess.
- From the data breach menu, click on Risk Evaluation.
- In the dedicated field, describe the potential consequences of the data breach.
- Based on the potential risks of the data breach, assess it. Check:
- No, no risk if the potential risks are unlikely to harm the rights and freedoms of individuals.
- Yes, presence of risk if a potential risk could harm the rights and freedoms of individuals.
- Yes, presence of a high risk if a potential risk can significantly harm the rights and freedoms of individuals.
- If necessary, justify your assessment in the Comments field.
Depending on your assessment, we will tell you whether it is necessary to notify the data breach and to whom.
Track data breach notifications
When a notification is required:
- Go to the Actions Taken tab.
- From this tab, you know whom to inform about the data breach and when to do so.
- Once you have notified them, check Yes to the dedicated question.
- Fill in the date of the notification.
- If necessary, add a comment.