Data Breach Response Plan

Data breaches come with strict notification deadlines. This process is built to keep you within the timelines set by GDPR, CCPA, and state breach-notification laws. Best for: Privacy officers, Legal, IT Security.

7 steps, 3 automations

Process steps

1. Identify the breach
   Task, 1 day from previous step.
   Something's leaked. Figure out what data, how much, and how it happened. The clock starts now. Document the exact time you became aware. For GDPR, you've got 72 hours from when you 'know' - not when you're done investigating. The timeline matters.

2. Contain the breach
   Task, 1 day from previous step.
   Stop more data from leaking. Disable compromised accounts. Close exposed endpoints. Do it now. Contain first, investigate later. Every minute the breach spreads is more customers affected and more regulators asking questions.

3. Determine scope and impact
   Task, 1 day from previous step.
   What data was exposed? How many people? Which jurisdictions? This determines your notification obligations. Be thorough but fast. You need answers to tell regulators and customers. Guessing wrong in either direction causes problems.

4. Notify legal and regulatory authorities
   Task, 1 day from previous step.
   72 hours for GDPR notification. State laws vary - some are faster. Your legal team needs to know immediately. Don't wait until you have all the answers. Regulators understand you're still investigating. What they don't forgive is silence.

5. Notify affected customers
   Task, 1 day from previous step.
   Be honest, be clear, be helpful. Tell them what happened, what you're doing about it, and what they should do. Offer credit monitoring if financial data was exposed. It's expensive, but cheaper than the lawsuit.

6. Implement remediation
   Task, 1 day from previous step.
   Fix what broke. Patch the vulnerability. Change the credentials. Whatever let this happen, make sure it can't happen again. Don't just fix the symptom. Find the root cause. If it was a phishing email, why did your controls fail?

7. Complete post-breach analysis
   Task, 1 day from previous step.
   What did we learn? What needs to change? Document everything for the inevitable regulatory review. This isn't just bureaucracy. Regulators will ask what you've done to prevent recurrence. Have a good answer ready.
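The point the steps above keep returning to is the clock: the GDPR 72-hour window runs from the moment you become aware (step 1), not from when scope is settled (step 3) or when the regulator is actually told (step 4). The following is an added example, not part of the Tallyfy template, showing how a team might keep an auditable timeline of the seven steps and compute the earliest regulator deadline from awareness. The GDPR window is the one the template states; the "EXAMPLE_STATE_LAW" entry and all timestamps are constructed placeholders, and the class and function names are this example's own.

```python
"""Breach notification clock: an added example, not the template's own code.

Keeps a timestamped trail of the seven process steps and derives every
regulatory deadline from the awareness time recorded in step 1, so that a
long investigation (step 3) never moves the deadline.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Notification windows, measured from the moment of awareness. GDPR's 72 hours
# is stated in the template; the second entry is a constructed placeholder that
# stands in for a faster state law and is NOT a real statutory deadline.
NOTIFICATION_WINDOWS = {
    "GDPR": timedelta(hours=72),
    "EXAMPLE_STATE_LAW": timedelta(hours=48),  # placeholder value
}

# The seven steps of the template, in order.
STEPS = (
    "Identify the breach",
    "Contain the breach",
    "Determine scope and impact",
    "Notify legal and regulatory authorities",
    "Notify affected customers",
    "Implement remediation",
    "Complete post-breach analysis",
)


@dataclass
class BreachRecord:
    aware_at: datetime            # exact time of awareness (step 1 tells you to record it)
    jurisdictions: tuple          # keys of NOTIFICATION_WINDOWS, decided in step 3
    events: list = field(default_factory=list)  # (step, timestamp) audit trail

    def __post_init__(self):
        # Regulators ask for exact times; refuse naive datetimes so the trail is unambiguous.
        if self.aware_at.tzinfo is None:
            raise ValueError("aware_at must be timezone-aware")
        unknown = set(self.jurisdictions) - NOTIFICATION_WINDOWS.keys()
        if unknown:
            raise ValueError(f"no notification window configured for: {sorted(unknown)}")
        self.events.append((STEPS[0], self.aware_at))

    def log(self, step, at):
        """Record when a step was completed; this is the record the regulator reviews."""
        if step not in STEPS:
            raise ValueError(f"unknown step: {step!r}")
        self.events.append((step, at))

    def deadlines(self):
        """Deadline per jurisdiction, always anchored to awareness, never to later steps."""
        return {j: self.aware_at + NOTIFICATION_WINDOWS[j] for j in self.jurisdictions}

    def earliest_deadline(self):
        return min(self.deadlines().values())

    def hours_remaining(self, now):
        """Hours left until the earliest deadline; negative once it has passed."""
        return round((self.earliest_deadline() - now).total_seconds() / 3600, 1)

    def regulator_notified_in_time(self):
        """True only if step 4 was logged at or before the earliest deadline."""
        notified = [t for s, t in self.events if s == STEPS[3]]
        return bool(notified) and min(notified) <= self.earliest_deadline()


def run_sample():
    """Constructed timeline (not a real incident) exercising the clock."""
    aware = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed awareness time
    rec = BreachRecord(aware, ("GDPR",))
    rec.log(STEPS[1], aware + timedelta(hours=3))    # contained after 3 h
    rec.log(STEPS[2], aware + timedelta(hours=40))   # scope settled after 40 h
    hours_left_when_scope_done = rec.hours_remaining(aware + timedelta(hours=40))
    before = rec.regulator_notified_in_time()
    rec.log(STEPS[3], aware + timedelta(hours=50))   # regulator told at 50 h
    after = rec.regulator_notified_in_time()

    late = BreachRecord(aware, ("GDPR",))
    late.log(STEPS[3], aware + timedelta(hours=80))  # told only after the window closed

    multi = BreachRecord(aware, ("GDPR", "EXAMPLE_STATE_LAW"))

    def hours_from_awareness(deadline):
        return (deadline - aware).total_seconds() / 3600

    return {
        "deadline_hours_from_awareness": hours_from_awareness(rec.earliest_deadline()),
        "hours_left_when_scope_done": hours_left_when_scope_done,
        "notified_before_step4": before,
        "notified_after_step4": after,
        "late_notification_in_time": late.regulator_notified_in_time(),
        "multi_jurisdiction_deadline_hours": hours_from_awareness(multi.earliest_deadline()),
    }


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that `deadlines()` reads only `aware_at`: logging step 3 at hour 40 leaves 32 hours on the GDPR clock, and a record where step 4 is first logged at hour 80 reports the notification as late. With more than one jurisdiction, the earliest window wins, which is exactly why step 3's jurisdiction question feeds directly into step 4.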
