The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible. To fulfill this new requirement, it is important to have a response plan in place to detect, report and investigate personal data breaches.
Briox has a process for managing incidents. The process should clarify the flow of information, the routines that exist and all roles and responsibilities. An incident team handles all necessary coordination and communication, and is responsible for assessing, responding to and learning from incidents in order to reduce the risk of recurrence.