"Controllers and processors are encouraged to plan in advance and put in place processes to be able to detect and promptly contain a breach, to assess the risk to individuals, and then to determine whether it is necessary to notify the competent supervisory authority, and to communicate the breach to the individuals concerned when necessary."
Guidelines on personal data breaches and notifications. Article 29 Data Protection Working Party.
‘Be Prepared’.
• What is a breach?
• What is a ‘reportable’ breach?
• When and how to notify a breach.
• Breach records management and lessons learned.