
Data Breach Notification (Template)

The document provides a template for notifying data breaches to the Finnish Data Protection Ombudsman. It requires information about the data controller, timeline of the breach, details of the breached data and data subjects, measures in place before the breach, and actions to address the breach.

The notification must be submitted through the Ombudsman's webform and include information about the data controller, reporting person, timeline of the breach, whether it involves other organizations, and type of notification.

Details required include a description of the breach, nature and cause of the incident, types of data breached, number of records and persons affected, and measures in place before the breach.

Data Breach Notification (template)

3.0, 28.04.2022

1. Supervisory authority
1.1. Country Finland
1.2. Supervisory authority the Data Protection Ombudsman
1.3. Website https://tietosuoja.fi/en/home
1.4. Data breach notification form https://tietosuoja.fi/en/data-breach-notification
1.5. Notification method (SA’s webform, email, other) SA’s webform
1.6. Type of notification ☐ Complete notification
☐ Preliminary notification
☐ Complementary notification
1.7. Date and Time of notification
1.8. If there has been a delay in reporting this breach, please explain why (after 72 hours)
1.9. Is this notification a cross border notification made to your lead supervisory authority?
1.10. Has the breach been or will it be notified directly to other concerned EU Supervisory Authority?
1.11. Has the breach been or will it be notified to Data Protection Authorities outside the EEA?
1.12. Has the breach been or will it be notified to other EEA regulators because of other legal obligations (NIS directive or eIDAS regulation)?

by Andrey Prozorov, CISM, CIPP/E, CDPSE, LA 27001


www.patreon.com/AndreyProzorov

2. About you
2.1. Name of the organisation
2.2. Business ID
2.3. VAT number
2.4. Sector of activity of the organisation (industry)
2.5. Address and any relevant contact details
2.6. Name and function of the reporting person
2.7. Reporting person’s contact details
2.8. Name and function of the person who can be contacted for more information about the breach
2.9. Email address
2.10. Phone number
2.11. Postal address
2.12. Does the data breach concern other organisations? Name, business ID and qualification of the other involved party:

3. Timeline
3.1. Beginning date of breach
3.2. Ending date of breach
3.3. Date of awareness of breach
3.4. Means of detection of breach

3.5. Date of notification by processor (if applicable)
3.6. Comments on the dates


4. About the breach
4.1. Description of the breach ☐ Unauthorised disclosure or access to the data
☐ Alteration of the data
☐ Loss or destruction of the data
4.2. Nature of the incident ☐ Device lost or stolen
☐ Paper lost or stolen or left in insecure location
☐ Mail lost or opened
☐ Hacking
☐ Malware
☐ Phishing
☐ Incorrect disposal of personal data on paper
☐ E-waste (personal data still present on obsolete device)
☐ Unintended publication
☐ Data of wrong data subject shown
☐ Personal data sent to wrong recipient
☐ Verbal unauthorized disclosure of personal data
☐ Other
4.3. Cause of the breach ☐ Internal non malicious
☐ Internal malicious
☐ External non malicious
☐ External malicious
☐ Unknown
4.4. Type of breached data
Regular data
☐ Data subject identity (e.g. name, surname, date of birth)
☐ National identification number
☐ Contact details
☐ Other identification data
☐ Economic and financial data
☐ Official documents
☐ Location data
☐ Genetic or biometric data
☐ Criminal convictions, offence or security measures


Special categories of data
☐ Data revealing racial or ethnic origin
☐ Political opinions
☐ Religious or philosophical beliefs
☐ Trade union membership
☐ Sex life data
☐ Health data
☐ Genetic data
☐ Biometric data
☐ Not yet known
☐ Other
4.5. Approximate number of personal data records concerned by the breach
4.6. About the data subjects ☐ Employees
☐ Users
☐ Subscribers
☐ Students
☐ Authority staff
☐ Customers (current and prospects)
☐ Patients
☐ Minor
☐ Vulnerable individuals
☐ Not yet known
☐ Others
4.7. Approximate number of persons concerned by the breach

5. About the measures in place before the breach
5.1. Description of measures in place before the breach


6. Consequences
6.1. Nature of the potential impact for the data subject ☐ Loss of control over their personal data
☐ Limitation of their rights
☐ Discrimination
☐ Identity theft
☐ Fraud
☐ Financial loss
☐ Unauthorised reversal of pseudonymisation
☐ Damage to reputation
☐ Loss of confidentiality of personal data protected by professional secrecy
☐ Other

6.2. Severity of the potential impacts ☐ Negligible
☐ Limited
☐ Significant
☐ Maximal
7. Taking actions
7.1. Have the data subjects been informed of the data breach? ☐ Yes
☐ No, but they will be informed
☐ No, they will not be informed
☐ Not defined at this time
7.2. Measures taken by the controller to address the breach
Corrective actions:

Planned actions:

7.3. The root cause of the breach


8. Other
8.1. Have we told, or are we planning to tell any other organisations about the breach? (For example the Police, other regulators or supervisory authorities)
8.2. List of Attachments
