The purpose of this course is to provide governance and guidance for handling personal data breaches in compliance with the General Data Protection Regulation (GDPR), specifically Articles 33 and 34 of Regulation (EU) 2016/679.
This procedure ensures that TSET can:
- Detect, assess, and respond to personal data breaches in a timely and structured manner
- Meet the mandatory 72-hour notification obligation to the supervisory authority
- Determine whether affected data subjects must be notified
- Document all personal data breaches in accordance with the GDPR accountability principle (Article 5(2) and Article 24)
This procedure operates in conjunction with the existing incident response framework (SOP-SEC-3 Incident Response Procedure) and extends it with GDPR-specific requirements.
Teacher: Admin User