
Handle a data breach

Pro plan

Goal: Work a reported data breach through the five handling stages until the notifications are sent and the case is closed with a documented record.

You handle a reported data breach in Cenedril under Documentation → Data Breach Management. Open the incident from the list and work it through five stages: Triage, Assess, Decide, Execute and Close. A countdown at the top of the incident shows the time left against the 72-hour GDPR Art. 33 deadline, so you can send the authority notification on time.

Pick the incident

Open Data Breach Management

In the sidebar open Documentation and select Data Breach Management. The page lists every reported incident, sorted by the most pressing deadline. Use the All Incidents, Active and Closed tabs to narrow the list.

The overview shows incident, status, reported by, authority deadline and affected persons. A tight deadline appears red, an elapsed one as “OVERDUE”.

Open the incident

In the incident’s row, click View Details. The incident opens with its identifier, the description and a progress bar across the five handling stages. If a 72-hour deadline is active and the authority has not yet been notified, a countdown runs at the top.

Triage and assess the risk

Triage the incident (Triage)

In the first stage, Triage, you confirm whether this is a genuine data breach. Under What happened? enter a factual description and add Type of breach, Likely cause, Current containment status and Initial actions taken. Save with Update Incident Details; Cenedril then moves on to the next stage.

Assess the risk to individuals (Assess)

In the Assess stage you estimate the risk of harm to the affected individuals, split into Likelihood of Harm and Severity of Impact. Cenedril highlights objective risk indicators such as special category data or a large-scale incident and derives a risk level (low, medium, high) from them. Save with Update Risk Assessment.

The assessment combines likelihood and severity into a risk level and shows automatically detected risk indicators.

Decide on notifications and execute

Decide on notifications (Decide)

In the Decide stage, Cenedril uses the risk level to indicate whether a Supervisory Authority Notification and a Data Subject Notification are each required, recommended or optional, with the legal reference for each (GDPR Art. 33 and Art. 34 respectively). For each notification choose Yes, notify or No, do not notify. If you decide against a recommended notification, enter a justification. Save with Update Notification Decisions.

Send notifications and document (Execute)

In the Execute stage you complete the formal GDPR documentation (likely consequences, remedial and mitigation measures taken) and send the due notifications. Once a notification has gone out, use Mark as Completed to record it as sent. The countdown for the authority notification then ends, and the incident status moves to Authority Notified or Subjects Notified.

In Execute you document the measures and mark the authority and subject notifications as completed.
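As an added example (not Cenedril's own code), the Assess, Decide and countdown logic described in the stages above can be modelled as a small decision procedure; the risk matrix, the Art. 33/34 obligation mapping and the justification rule are assumptions for illustration, since the page only states that the risk level is derived from likelihood, severity and objective indicators.

```python
from datetime import datetime, timedelta

# Added illustration, not Cenedril's own logic. The exact risk matrix and the
# mapping from risk level to notification obligations are assumptions here.

LEVELS = ("low", "medium", "high")
ART33_DEADLINE = timedelta(hours=72)  # GDPR Art. 33(1): notify the authority within 72 h

def risk_level(likelihood: str, severity: str, indicators=()) -> str:
    """Combine Likelihood of Harm and Severity of Impact into low/medium/high;
    any objective indicator (special category data, large scale) raises it one step."""
    score = LEVELS.index(likelihood) + LEVELS.index(severity)  # 0..4
    level = 0 if score <= 1 else 1 if score == 2 else 2
    if indicators:
        level = min(level + 1, 2)
    return LEVELS[level]

def notification_obligations(level: str) -> dict:
    """Art. 33: authority unless the breach is unlikely to result in a risk;
    Art. 34: data subjects when it is likely to result in a high risk."""
    if level == "high":
        return {"authority": "required", "subjects": "required"}
    if level == "medium":
        return {"authority": "required", "subjects": "recommended"}
    return {"authority": "optional", "subjects": "optional"}

def record_decision(obligation: str, notify: bool, justification: str = "") -> dict:
    """Declining a required or recommended notification needs a recorded justification."""
    if not notify and obligation != "optional" and not justification.strip():
        raise ValueError(f"justification required to decline a {obligation} notification")
    return {"obligation": obligation, "notify": notify, "justification": justification}

def authority_countdown(aware_at: str, now: str, notified: bool = False) -> dict:
    """Hours left against the 72-hour deadline, counted from awareness of the breach
    (ISO 8601 timestamps). The countdown stops once the authority notification is
    marked as completed; an elapsed deadline reads OVERDUE, as in the overview list."""
    remaining = datetime.fromisoformat(aware_at) + ART33_DEADLINE - datetime.fromisoformat(now)
    if notified:
        status = "notified"
    elif remaining <= timedelta(0):
        status = "OVERDUE"
    else:
        status = "running"
    return {"remaining_hours": remaining.total_seconds() / 3600, "status": status}
```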

Close

Close the incident (Close)

The Close stage shows a checklist covering risk assessment, notification decisions and documentation. Once all required actions are done, capture what you learned under Post-Incident Analysis and close the case with Complete & Close Incident.

Optionally link to information security

Below the stages you find the option This incident is also an information security incident. It creates a linked security incident from the data breach and carries over the title, description and timestamps. This link is available with the ISMS module (Professional).

Result: the incident has been worked through all five stages, the due notifications are marked as completed, the post-incident analysis is documented, and the closed incident sits in the list read-only with status Closed.

Frequently asked questions

Where does the 72-hour countdown come from?

The GDPR Art. 33 deadline runs from the moment you become aware of the breach. Cenedril shows the remaining time as a countdown at the top of the incident and flags the deadline red, or as “OVERDUE”, in the overview list while the authority has not yet been notified.

Do I always have to notify both the authority and the data subjects?

No. In the Decide stage, Cenedril derives from your risk assessment whether authority and/or subject notification is required, recommended or optional. If you decide against a recommended notification, the system requires a justification that is recorded on the incident.

Can I still change a closed incident?

Once closed, the incident is read-only. All stages remain visible and the post-incident analysis stays viewable, but the fields can no longer be edited.

How does a data breach relate to a security incident?

At the bottom of the incident you find the option “This incident is also an information security incident”. It creates a linked security incident from the data breach. This link is available with the ISMS module (Professional).

Where do I set up the templates and authority details for the notifications?

Breach management configuration lives in the Data Privacy Assistant under “Breach management & data subject rights”. That is where you set the basics, while this page covers the operational handling of a specific incident.