Procedure
We report any personal data breach to the local authority within 72 hours. The report covers:
What data has been lost, or who had access to data they should not have had access to
What the consequences are
What countermeasures we have taken
If the leaked data was not encrypted, we also report the breach to the person(s) (data subject(s)) whose data we lost.
A post-mortem is organized within 2 weeks of the incident. During these 2 weeks, we research the cause of the incident. After these 2 weeks, we share our findings with our clients. This is to ensure a systematic approach to incident management, rather than an ad-hoc one.
Client agreements
Clients may prefer to be informed of a data breach related to their business before Aiden reports it to the local authority. In such cases, we will do our best to inform the client first. However, clients must agree that, in any case, it is our obligation under the law to report to the local authority within 72 hours.