Why data breach management matters for every SME
A data breach doesn’t have to be a Hollywood-style hack. A lost laptop, an email sent to the wrong person, or an unprotected customer list shared via a public link - these are the incidents that happen to small and mid-sized businesses every day. Under the GDPR (also known as the AVG in Dutch legislation), you are required to handle these situations correctly and document them properly.
The problem most SMEs face is not a lack of good intentions. It is a lack of preparation. When a breach occurs, you need to act fast. The GDPR gives you just 72 hours to notify the supervisory authority if the breach poses a risk. Without a procedure in place, those 72 hours disappear quickly.
GDPRWise gives you the tools to be prepared before a breach happens, and to respond correctly when it does.
What’s in your breach management toolkit
Your GDPRWise dossier includes a complete data breach management section. It is not a theoretical manual - it is a practical set of tools you can use the moment something goes wrong.
Breach register
Every data breach must be documented, even if you don’t report it to the supervisory authority. The breach register in GDPRWise captures:
- What happened (description of the incident)
- When it was discovered and by whom
- Which personal data was affected
- How many individuals were impacted
- What measures you took to contain the breach
- Whether you reported it and why (or why not)
This register is exactly what the supervisory authority will ask for during an inspection. Having it in order shows that you take your responsibilities seriously.
Notification templates
If a breach needs to be reported, you need to provide specific information to the supervisory authority. GDPRWise includes ready-to-use templates that guide you through what to include:
- The nature of the breach
- The categories and approximate number of affected individuals
- The likely consequences
- The measures taken or proposed to address the breach
You fill in the specifics of your incident, and the template ensures you don’t miss any mandatory fields. No need to figure out the legal requirements on the spot.
Communication templates for affected individuals
When a breach poses a high risk to the people whose data was compromised, you must inform them directly. This is often the part that causes the most stress. What do you say? How do you say it?
GDPRWise provides clear, professional communication templates. They are written in plain language, not legal jargon, so the people you notify actually understand what happened and what they should do.
The 72-hour deadline, step by step
The 72-hour window for reporting a data breach to the supervisory authority is one of the best-known GDPR requirements, and one of the most stressful. Here is how GDPRWise helps you meet it.
Step 1: Log the breach immediately. As soon as you discover or suspect a breach, open GDPRWise and log it in the breach register. Record what you know so far, even if details are incomplete.
Step 2: Assess the risk. GDPRWise asks targeted questions to help you determine whether the breach poses a risk. What type of data was involved? How many people? Was the data encrypted? Based on your answers, you get a clear recommendation: report or document only.
Step 3: Contain and mitigate. Document the immediate steps you’re taking - revoking access, changing passwords, informing your IT provider. This is part of your obligation and GDPRWise prompts you to record it.
Step 4: Notify if required. If notification is needed, GDPRWise generates the notification using the template, pre-filled with the details you’ve already entered. You review, adjust if needed, and submit to the supervisory authority.
Step 5: Inform affected individuals. If the risk is high, use the communication template to notify the people involved. GDPRWise helps you determine whether this step is necessary.
Step 6: Evaluate and improve. After the incident, document what you learned and what you’ll change to prevent recurrence. This evaluation is logged in your dossier.
How the three-layer model helps you prepare
GDPRWise uses a three-layer approach to build your dossier, and this applies to breach management too.
Sector foundation. Your industry comes with pre-built breach scenarios. A dental practice faces different risks than an online shop. GDPRWise pre-fills common breach types and response steps relevant to your sector.
AI scan results. The scan detects the tools and scripts running on your website. If you use a CRM that stores customer data, or a newsletter tool that holds email lists, those systems become part of your breach response plan. You know where to look when something goes wrong.
Guided refinement. Through targeted questions, GDPRWise identifies additional systems and processes - employee records, paper files, partner integrations. Items marked “Detected” are confirmed by the scan. Items marked “Needs review” require your input to ensure completeness.
The result: a breach management procedure that actually matches your business, not a generic checklist from the internet.
Peace of Mind keeps your procedures current
Businesses change. You adopt new tools, collect new types of data, or expand into new services. Your breach management procedures need to reflect those changes.
With Peace of Mind, GDPRWise’s continuous monitoring subscription, your dossier stays up to date. When a rescan detects changes, like a new third-party script or an additional form collecting data, your breach response documentation is flagged for review. You don’t have to remember to update it manually.
Peace of Mind also ensures your procedures align with the latest regulatory guidance. When the supervisory authority publishes updated breach reporting requirements, your templates reflect those changes.
Documentation that holds up during an inspection
The supervisory authority can inspect your breach management at any time, not just when a breach occurs. They want to see:
- That you have a breach register (even if it’s empty, which just means no breaches occurred)
- That you have a procedure in place for detecting, reporting, and handling breaches
- That your staff knows what to do
GDPRWise provides all of this in a professional, structured format. You can export your breach register and procedures as a PDF, ready to hand over to an inspector, your accountant, or a legal adviser.
A breach doesn’t have to be a crisis
The difference between a breach that becomes a crisis and one that becomes a footnote in your register is preparation. When you know what to do, who to contact, and where to document it, you can respond calmly and correctly.
GDPRWise won’t prevent data breaches from happening. No tool can. But it gives you the structure, templates, and guidance to handle them professionally and meet your legal obligations without panic.
Scan your website and let GDPRWise build your breach management toolkit: breach register, notification templates, and step-by-step procedures tailored to your business.