Incident a breach response
Ako sa triaguju a zaznamenavaju bezpecnostne incidenty a incidenty osobnych udajov.
Toto oznamenie je produktovy softverovy zaklad a pred produkcnym spustenim ho ma skontrolovat kvalifikovany pravny poradca.
Incident register
Suspected security and personal-data incidents are recorded with severity, affected systems, affected data categories, containment actions, internal notes, and closure state.
GDPR timing
Where a personal-data breach is likely to create risk for individuals, supervisory authority notification must be assessed without undue delay and, where feasible, within 72 hours of awareness.
Processor notices
Where GreenDirective acts as processor, affected customer controllers should be notified without undue delay so they can meet their own obligations.
Evidence preservation
Operational logs, audit-chain verification, affected file scan state, and remediation notes should be preserved for investigation and accountability.