An incident involving, for example, a lost device, an sent email sent by an error, a data leak, must always be properly analyzed.
You should know the level of grafity a breach you are dealing with and whether you have an obligation to report the breach to your customers or the DPA (and if so, in what manner).
These obligations derive from the GDPR. not to mention the fact, that you need to act immediately. Time is short, and proper verification requires appropriate knowledge.
Have the incident analyzed by our experts! Within 24 hours you will learn what steps you should take to avoid exposing your organization to severe reputational damage or financial penalties.
It may be that your organisation processes personal data entrusted by clients and will not need to notify the breach to the data protection authority, but to the client on whose behalf it processes the data. If this is the case, you should also conduct an incident analysis.
It will take us a maximum of 24 hours to analyse the incident after we have received all the necessary information to do so.
Please note that our analysis will only allow us to determine whether the incident constitutes a breach or not, and the 72h time limit for reporting it to data protection authority, if any, only runs from the moment the incident is identified!
If the incident, after analysis, turns out to be an incident/breach with a low risk of infringement of the rights and freedoms of data subjects and does not require notification to the DPA and the persons affected, you will additionally receive from us the output data for making an entry in the register of personal data protection breaches - included in the price of the service!
However, if the incident, after analysis, turns out to be a breach with a medium or high risk of infringing the rights and freedoms of data subjects and requires reporting to the DPA and to the persons affected, and you still need assistance in this regard, you can make use of our additional services:
The cost of this support is agreed on a case-by-case basis, depending on the estimated time required to complete the order.
It is possible to grant a power of attorney to an iSecure specialist to file a data breach notification on behalf of the data controller you represent. This PoA allows us to represent you in front of Polish data protection authority (PUODO). In this case, it is necessary to send a power of attorney (in Polish), completed with your Company's (the principal's) data and date, and finally signed by the persons representing the organisation. At this stage, you do not complete the data of the person to whom the power of attorney is granted.
We will need some additional information to prepare the notification to DPA.