GDPR Article 33: Notification of Personal Data Breach

The General Data Protection Regulation (GDPR) Audit reports provide documentation and compliance artifacts that help you demonstrate compliance with requirements outlined by GDPR.

The GDPR Article 33: Notification of Personal Data Breach report provides access to features in the Alert Logic console that help you demonstrate compliance with GDPR Article 33.

To access the Article 33: Notification of Personal Data Breach report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under GDPR Audit, click VIEW.
  4. Click Article 33: Notification of Personal Data Breach.

Filter the Report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) filter values in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

The report summary page displays two columns. Requirements lists each requirement from the selected GDPR Article. Available Documentation and Artifacts describes and contains links to the documentation and compliance artifacts that this report can generate to meet each requirement listed by the GDPR Article.

Available Documentation and Artifacts

This report provides you with access to features in the Alert Logic console that help you demonstrate that the supervisory authority is notified in the case of a personal data breach.

Requirement 1

Requirement 1 of GDPR Article 33 requires the controller to notify the competent supervisory authority of a personal data breach without undue delay.

This section provides you with the following links for quick access to appropriate pages in the Alert Logic console:

  • The Incidents page, where you can review security incidents detected in your environment. You can use this information to be aware of any personal data breaches.
  • The Alert Logic Escalated Contact report, which lists designated alerted users and escalation contacts when critical incidents are detected in your environment. You can use the Escalated Contact report to review the contacts who are notified in your organization and determine if they are the appropriate supervisory authority competent to handle a personal data breach.
  • The Alert Logic Subscribed Notification Users report, which lists users subscribed to receive notifications for specified customer accounts. You can use the Subscribed Notification Users report to review the contacts who are notified in your organization and determine if they are the appropriate supervisory authority to handle a personal data breach.

Requirement 2

Requirement 2 of GDPR Article 33 requires the processor to notify the controller without delay after becoming aware of a personal data breach.

Alert Logic does not provide data for this requirement.

Requirement 3

Requirement 3 of GDPR Article 33 requires the notification referred to in paragraph 1 to at least (a) describe the nature of the personal data breach, (b) communicate the name and contact details of the data protection officer or other contact point, (c) describe the likely consequences of the personal data breach, and (d) describe the measures taken or proposed to be taken.

This section provides a link to the Incidents page, where you can review security incidents detected in your environment, including descriptions, attacker and victim information, recommendations, and evidence.

Requirement 4

Requirement 4 of GDPR Article 33 requires that the information be provided in phases without further delay.

Alert Logic does not provide data for this requirement.

Requirement 5

Requirement 5 of GDPR Article 33 requires that the controller document any personal data breaches.

Alert Logic does not provide data for this requirement.