How to implement the control:
A useful guide on what you must do after becoming aware of a security breach was published by the ICO and can be found here.
Answer yes if your organisation has a Breach Log that keeps a record of the facts surrounding any security breaches of Personal Data. Please upload a copy of your Breach Log (as a PDF file) as evidence.
Under GDPR you must keep your own record of all personal data breaches in an inventory or log.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.