Data breach assessment and action plan
Data breach assessment and action plan

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Data breach assessment and action plan

Data breach assessment and action plan

    1. 1

      Data breach team

      The first step is to assemble a team to manage and respond to the breach.

      Data breach team lead[Insert the name or description of the person who will lead the data breach team, eg DPO]
      [Data protection officer (DPO)][[Insert name]]
      Head of legal[Insert name]
      Head of compliance[insert name]
      Head of IT[Insert name]
      [Insert any other, eg Head of HR if the breach involves employee data][Insert name]
    1. 2

      Background information

      Refer to the data breach report form, if appropriate.

      Name of person notifying the actual or suspected breach[Insert name]
      Dept and manager[Insert department from which the report emanates and manager for that department]
      Date of actual or suspected breach[Insert date]
      Date of discovery of actual or suspected breach[Insert date]
      Date actual or suspected breach notified internally[Insert date]
    1. 3

      Preliminary assessment

      As soon as possible, you should take steps to contain the breach and recover lost data, but before you can do this you will need to make a preliminary assessment of what data has been lost, why and how.

      Summary of the facts[Provide as much information as possible—including the amount, sensitivity and type of data involved]
      Categories and approximate number of data subjects concerned[Insert details of categories and approximate number of data subjects concerned]
      Categories and approximate number of personal data records concerned[Insert details
Related documents:

Popular documents