Practise the language of data breach notification: incident classification, regulatory notification, and user communication.
1 / 5
A 'personal data breach' under GDPR is defined as:
GDPR Article 4(12) defines a personal data breach as any security breach that affects the confidentiality, integrity, or availability of personal data.
2 / 5
Which phrase is most appropriate for opening a breach notification to affected individuals?
Clear, direct, non-technical language that identifies what happened (security incident), who is affected (your personal information), and why you are writing is best practice for breach notifications.
3 / 5
A breach notification to individuals should include:
GDPR Article 34 breach notifications must include: nature of the breach, approximate number of individuals, data types, likely consequences, and remediation measures taken.
4 / 5
When should affected individuals be notified about a data breach?
Individual notification is required without undue delay when there is high risk to their rights — this is separate from and may come after the 72-hour supervisory authority notification.
5 / 5
The phrase 'we have taken steps to secure our systems and prevent further incidents' in a breach notification serves to:
GDPR accountability requires demonstrating that the organisation has taken responsibility and action. This phrasing shows good-faith remediation to both regulators and affected individuals.