AGIDAT – Datenschutz | Informationssicherheit

Data Breach Management

Personal data breach? We help you respond correctly — within the 72-hour window.

The 72-hour rule

Art. 33 GDPR requires that a personal data breach be notified to the competent supervisory authority within 72 hours of becoming aware of it — unless the breach is unlikely to result in a risk to individuals' rights and freedoms. This is a tight window, and the notification must be substantive. AGIDAT helps you respond correctly and on time.

Immediate response support

  • Incident assessment — does this breach require notification? To whom?
  • Risk assessment — what is the risk to affected individuals?
  • Supervisory authority notification — drafting and submitting the Art. 33 GDPR notification
  • Individual notification — drafting the Art. 34 GDPR communication to affected persons
  • Incident documentation — mandatory internal breach log per Art. 33(5) GDPR
  • Coordination with IT and legal — structured incident response

Preparation is key

The best time to prepare for a data breach is before it happens. We help you establish a breach response procedure so that when an incident occurs, your team knows exactly who does what and when — minimizing response time and regulatory risk.