Once the GDPR becomes enforceable on May 25, 2018, organizations everywhere will be subject to stiff fines and penalties for noncompliance. This download includes an overview of the information required for a basic data breach notification as well as a sample letter to help your organization create an appropriate response.

From the download:

In the current business environment, it is almost inevitable that an organization will experience a security breach that exposes collected personal data to unauthorized access. Under the provisions of the GDPR, regardless of the severity of the security breach, organizations must inform their EU customers and stakeholders of the incident in a timely manner.

GDPR compliance requires that all data subjects be notified that a security breach has occurred within 72 hours of first discovering it. Regardless of whether the notification is in the form of a public announcement, email, or text message, it should contain several key pieces of information:

• Name of the organization experiencing the security breach
• The type of personal data was exposed by the security breach
• How many records were exposed
• When the security breach first occurred
• The steps that have been taken to close the security breach
• Whether the security breach has been closed
• Where data subjects can go to receive additional detailed information

While any security breach is a traumatic experience for all involved, under the provisions of the GDPR, organizations must make a good faith and concerted effort to notify data subjects that a security breach involving their personal data has occurred.