Incident and breach response
How security and personal-data incidents are triaged and recorded.
This notice is a software product baseline and should be reviewed by qualified legal counsel before production launch.
Incident register
Suspected security and personal-data incidents are recorded with severity, affected systems, affected data categories, containment actions, internal notes, and closure state.
GDPR timing
Where a personal-data breach is likely to create risk for individuals, supervisory authority notification must be assessed without undue delay and, where feasible, within 72 hours of awareness.
Processor notices
Where GreenDirective acts as processor, affected customer controllers should be notified without undue delay so they can meet their own obligations.
Evidence preservation
Operational logs, audit-chain verification, affected file scan state, and remediation notes should be preserved for investigation and accountability.