04) Does your organisation maintain a breach log that records losses of personal data?
GDPR Breach Log
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 3, 2020

Answer yes if your organisation has a Breach Log that keeps a record of the facts surrounding any security breaches of Personal Data. Please upload a copy of your Breach Log (as a PDF file) as evidence.

Under GDPR you must keep your own record of all personal data breaches in an inventory or log.

How to implement the control:
A useful guide on what you must do after becoming aware of a security breach was published by the ICO and can be found here.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.