Skip to main content
CENEDRIL MANUAL
Open Cenedril
Data Privacy Assistant · Breach & Data Subject Rights

Configure breach management & data subject rights

Updated on 3 min Pro plan Open in Cenedril

Goal In the Data Privacy Assistant, record the internal notification contacts and supervisory authority for data breaches, and enable the public portal for data subject rights.

In the Data Privacy Assistant you prepare two flows: reporting data breaches and handling data subject rights. Open the Data Privacy Assistant and use the cards Configure Breach Management and Configure Data Subject Rights Management. On the first page you record the internal notification contacts and your supervisory authority; on the second you set the authorized handlers and enable the public portal.

Configure breach management

Open the configuration page

Open the Data Privacy Assistant. On the overview, click the Configure Breach Management card. The page explains that you decide who is notified when a data breach is reported and that you record the contact details of your supervisory authority.

The breach management configuration page with the internal notification contacts.

Select internal notification contacts

In the Internal Notification Contacts block, select the team members who should be notified immediately when a data breach is reported. The privacy responsible person and data protection officer recorded in the introduction appear pre-selected in the Data Privacy Representatives block. Activate further people with data privacy access via the checkboxes under Team Members.

Add additional contacts

If the team selection is not enough, click Add Contact under Additional Contacts and enter a name, email address, and role. The email address is required for such contacts. At least one internal contact must be selected overall.

Record the supervisory authority

In the Supervisory Authority block, first choose the Country. For Germany, pick under State (for specific authority) either the responsible state authority or the Federal Authority (BfDI). Then enter the Authority Name, email, phone, and website. This authority must be notified within 72 hours of a reportable breach.

Save the configuration

Click Save. Cenedril checks the required fields and applies the configuration. You then return to the Data Privacy Assistant overview, where the card appears as configured.

Result: the internal notification contacts and the responsible supervisory authority are recorded. As soon as a data breach is reported, the recipients and authority contact are ready for the operational handling.

Configure data subject rights

Open the configuration page

Return to the Data Privacy Assistant overview and open the Configure Data Subject Rights Management card. The page shows two areas: Access Management and Public Portal.

Set the authorized handlers

Under Access Management, select the team members allowed to manage data subject rights requests and the related conversations. The privacy responsible person and data protection officer are pre-selected in the Data Privacy Representatives block. Portfolio users with documentation access appear in their own block below.

Enable the public portal

In the Public Portal block, use the Enable Public Data Subject Rights Portal switch to unlock the public submission page. Once enabled, Cenedril shows the link under Public Portal URL. Use Copy to take it and add it to your privacy policy.

The enabled switch reveals the public portal URL with a copy button.

Save the configuration

Click Save. Cenedril stores the authorized handlers and the portal status. You then return to the Data Privacy Assistant overview.

Result: the authorized people can handle incoming requests, and the public portal accepts requests from data subjects once you have published the link.

Frequently asked questions

Who is suggested automatically as a notification contact?

The privacy responsible person recorded in the introduction, and the data protection officer where applicable, appear in the “Data Privacy Representatives” block and are pre-selected. You add further team members with data privacy access from the checkboxes, and your own contacts via “Add Contact”.

Why does the EU representative block appear for my company?

If your company is located outside the EU/EEA but processes personal data of people in the EU, Cenedril shows the “EU Representative Supervisory Authority (GDPR Art. 27)” block. There you record the country and the contact details of the authority responsible for your EU representative.

What does enabling the public portal do?

The “Enable Public Data Subject Rights Portal” switch unlocks a public web page where data subjects submit their requests. Cenedril then shows the public portal URL, which you can copy and add to your privacy policy.

Are the notification contacts linked to the actual breach handling?

Yes. The people selected here are informed as soon as a data breach is reported. The operational handling then takes place under Documentation, see the journey “Handle a data breach”.

Do I have to configure both areas at once?

No. Breach management and data subject rights are two separate cards in the Data Privacy Assistant, each with its own configuration page. You can save them independently and adjust them later at any time using the edit icon.

Security Operations & Threat Intel

Einen Datenschutzvorfall (Breach) bearbeiten

So bearbeiten Sie einen gemeldeten Datenschutzvorfall in Cenedril Schritt für Schritt: einordnen, Risiko bewerten, Meldepflichten entscheiden, Meldungen versenden und den Fall abschließen.

Public Portals

Enable the DSAR portal and handle requests

How to enable Cenedril's public data subject rights portal, share the portal link and work incoming requests through to a documented close.

Data Privacy Assistant

AVV/DPA verwalten

So erzeugen Sie im Datenschutz-Assistenten von Cenedril aus Ihrem Verzeichnis von Verarbeitungstätigkeiten und den Datentransfers einen AVV-Entwurf nach Art. 28 DSGVO.