Data breach register

Article 33 & 34 GDPR — document breaches, affected data, timelines, notifications, and remediation (aligned with the breach register template).

Total

0

Investigating

0

Active

0

Resolved

0

Notif. Overdue

0

Critical

0

72h authority risk

High

0

Medium

0

Low

0

Incident Register

# Incident Type Severity Individuals Records Affected data Discovered Days open Status Art.33
Loading incidents…

Breach notification template (Article 33)

Use as a starting point when notifying your supervisory authority within 72 hours where feasible.

TO: [Supervisory authority email]
FROM: [DPO / organisation]
DATE: [Date]
SUBJECT: Personal data breach notification under Article 33 GDPR

1. CONTACT INFORMATION
   - Data controller: [Company name]
   - DPO contact: [Name, email, phone]
   - Reference: [Internal breach ID from register]

2. NATURE OF THE BREACH
   - Date/time of occurrence (if known): […]
   - Date/time of discovery: […]
   - Description: [What happened]
   - Categories of data: [e.g. names, emails, health data]
   - Approximate number of individuals: [N]
   - Approximate number of personal data records: [N]

3. LIKELY CONSEQUENCES
   - [Description of risks to individuals]

4. MEASURES TAKEN OR PROPOSED
   - Containment: […]
   - Measures to mitigate: […]

5. FURTHER INFORMATION
   - [Ongoing investigation / next steps]

Signed,
[DPO name]

Affected data categories

Select all that apply (used with volume to derive severity).

Key dates

Discovered is fixed at creation. Set internal report, regulator, and data-subject notification times as they occur.

Discovered (read-only)

Event Timeline

Notifications

Track authority and individual notifications per GDPR Art. 33 & 34

Authority Notifications (Art. 33)

Individual / Other Notifications (Art. 34)

Remediation Steps