GDPR Process - Incident Response Plan

GDPR Step: 4. Incident Response Plan

GDPR compliance means that your organization should be prepared to deal with data breaches, and provide for rapid counteractions to mitigate their impact.

Data breaches must be notified to supervisory authorities within 72 hours, or even less, if data breaches affect the freedom of natural individuals (GDPR Article 33). In addition, every affected person must be notified with the details about the incident.

To this end, your organization must define an incident response plan, as well as setup the right environment to mitigate the impact of data breaches.