Communicating a data breach requires careful, legally compliant language that is both transparent and precise. Whether notifying the regulator, informing affected customers, or assessing the scope of the incident, each step has specific collocations used in GDPR compliance, crisis communications, and cybersecurity incident response. This exercise covers the professional vocabulary used by DPOs, CISOs, and legal teams during breach notification.
0 / 5 completed
1 / 5
The DPO was required to ___ the data breach to the Information Commissioner's Office within 72 hours of discovery.
Notify the regulator is the precise data breach legal obligation collocation — under GDPR and equivalent legislation, organisations must 'notify' supervisory authorities within a defined timeframe. 'Report' is also used; 'inform' and 'communicate' are broader. 'Notify' is the specific legal term in data protection regulations for the mandatory disclosure of a personal data breach to a regulatory body.
2 / 5
The legal team helped draft a letter to ___ affected customers about the unauthorised access to their personal data.
Inform affected customers is the standard data breach communication collocation — customers whose data was compromised must be formally 'informed' of the breach and its potential impact. 'Advise' implies recommendations rather than disclosure; 'tell' is informal; 'update' implies ongoing communication. 'Inform' is the legal and regulatory standard for the formal act of notifying individuals of a data breach.
3 / 5
The CISO moved quickly to ___ the vulnerability that had allowed unauthorised access to the customer database.
Patch the vulnerability is the precise cybersecurity remediation collocation — security vulnerabilities are 'patched' by applying software updates or configuration changes that close the attack vector. 'Fix' is broader; 'close' and 'seal' are informal. 'Patch' is the canonical term in cybersecurity for the specific technical act of applying a fix to a known vulnerability.
4 / 5
The breach response team assembled to ___ the scope of the incident and determine which data categories were affected.
Assess the scope is the standard incident response and breach notification collocation — the breach response process begins by 'assessing' what data was accessed and who is affected. 'Evaluate' implies a judgement of severity; 'measure' implies quantification; 'establish' implies confirming something formal. 'Assess the scope' is the first step in data breach response frameworks including GDPR Article 33 guidance.
5 / 5
The CEO published a public statement to ___ full accountability for the breach and outline the remediation steps taken.
Acknowledge accountability is the precise crisis communication collocation — leaders 'acknowledge' both the breach and their organisation's responsibility as the first step in rebuilding trust. 'Admit' implies guilt in a legal sense; 'accept' is used with responsibility; 'take' is also natural. 'Acknowledge' is the preferred term in crisis communications because it combines recognition with a commitment to action without prejudicing legal proceedings.