This audit is designed to keep you compliant with Art. 33 of the GDPR and with local privacy regulations where applicable, where you must keep a record of any personal data breaches and ensure that you have robust breach detection, investigation and internal reporting procedures in place.

In the case of a personal data breach, the controller (that’s you) shall without undue delay and, where feasible and not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55 and if the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Recording personal data breaches is a great way for a company to identify any shortfalls in their path to compliance and place the correct measures in place to mitigate a repeat of such breaches.