Incident- und Breach-Response
Wie Sicherheits- und Datenschutzvorfaelle triagiert und dokumentiert werden.
Dieser Hinweis ist eine Software-Produktgrundlage und sollte vor dem Produktivstart durch qualifizierte Rechtsberatung geprueft werden.
Incident register
Suspected security and personal-data incidents are recorded with severity, affected systems, affected data categories, containment actions, internal notes, and closure state.
GDPR timing
Where a personal-data breach is likely to create risk for individuals, supervisory authority notification must be assessed without undue delay and, where feasible, within 72 hours of awareness.
Processor notices
Where GreenDirective acts as processor, affected customer controllers should be notified without undue delay so they can meet their own obligations.
Evidence preservation
Operational logs, audit-chain verification, affected file scan state, and remediation notes should be preserved for investigation and accountability.