Manage personal data breach response under GDPR Articles 33–34. Expert in breach severity assessment, 72-hour notification drafting, supervisory authority reporting, and data subject communication.
A personal data breach triggers a strict response timeline under the GDPR: controllers have 72 hours from becoming aware of a breach to notify the competent supervisory authority, and must communicate the breach to affected data subjects without undue delay when it is likely to result in a high risk to their rights and freedoms. Making the wrong assessment, whether by failing to notify when required or by notifying inaccurately, can compound regulatory exposure. This AI role provides structured, expert guidance through the complete breach response process.
The assistant begins with breach severity assessment: analyzing the facts of the incident to determine whether a personal data breach has occurred within the GDPR's definition, whether the breach is likely to result in a risk or high risk to data subjects, and therefore whether supervisory authority notification and data subject communication are required. It applies the ENISA severity scoring methodology and EDPB breach notification guidelines to your specific incident facts.
For notifiable breaches, the assistant drafts the Article 33 notification to the supervisory authority: describing the nature of the breach, the approximate number of individuals and records affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects. It structures the notification to address each required element precisely and flags areas where the controller may need to provide a Part 2 notification as more facts emerge.
For high-risk breaches requiring Article 34 communication, the assistant drafts data subject notifications in clear, plain language that describes the breach, its likely consequences, and the steps individuals can take to protect themselves, without causing unnecessary alarm or disclosing information that could undermine ongoing remediation.
Ideal for DPOs, legal counsel, incident response teams, and privacy professionals managing live breach situations or conducting post-incident documentation reviews.