Report an Incident

RESPONSUM allows you to report privacy incidents and breaches and helps you calculate the impact based on the information you provide.

Pre-requisites to get started

  • Permissions on the “Incident” sub-module (Under “Operations”) as Promoted user or Power User

Fast-track to Brilliance

  • Select the “Operations” menu in the main menu bar
  • Select “Incidents”
  • Add a new incident by clicking “+ Create”, or edit an existing incident
  • In the “Incident details” section you can first add some general details related to the incident (Reporter, incident date, detection date, related files,…)
  • In the “Incident origin” section you can provide information on where the incident stems from.
    • At this point, if no data was breached, all further steps aside from ‘Summary’ are hidden.
  • In the “Leaked Data” section you can add specifications of what data was leaked and who was affected by the leak.
  • In the “Ease of Identification” and “Circumstances” sections you can further narrow down the identifiability of the data subjects and the risks the leak poses.
  • In the “Projected Impact” section an automatic calculation of the severity of the leak is made based on all your answers from the previous sections. You can agree with the calculation or disagree and make your own estimation.
  • In the “Summary” section you can write down any further information, next steps and conclusions for the data breach.
  • Don’t forget to press ‘create’ or ‘save’ to make sure all your work is saved!

Step-by-step guidance

Go to ‘Operations’ menu in the top bar, and select ‘Incidents’. When you are transferred to the overview page, click the ‘Create’ button to get started.

1. Incident Details

  • Name: Give the incident a name. Ideally, the name should be short and reflective of the issue.
  • Incident ID: Give your incident a unique ID that sets it apart from similar incidents.
  • Reported by: Fill in whoever reported the incident.
  • Submitted by: If applicable, fill in whoever submitted the incident.
  • Category: Here you can select one or more categories that relate to the incident.
  • Detected date: Here you can select the date and time when the leak was discovered.
  • Incident date: Here you can select the date and time when the leak actually happened.
  • Reported date: Here you can select the date and time when the leak was reported.
  • Description: Feel free to add any additional information that should be known about when, how and why the leak happened and was discovered.
  • Reference url: Feel free to add a link which relates to the incident.
  • Upload: Feel free to upload any files and documentation that are of importance to the data breach.

2. Incident Origin

  • Incident origin: Select whether the origin of the incident is internal or external.
    • Involved function: If you selected internal, you can select the involved functions here.
    • Involved vendor: If you selected external, you can select any involved vendors here.
  • Privacy role: Select whether your role within the incident is ‘controller’ or ‘processor’.
  • Is personal data leaked? If personal data was leaked, you will have to continue filling in the next steps. If no personal data was leaked, you will go straight to the ‘Summary’.

3. Leaked Data

  • What data is leaked? In this table, you can add which and how many data subjects were affected by the data breach. You can add several different data subjects.
  • IM System: Here you can select any related IM Systems.
  • Data attribute: Here you can select any related Data Attributes.
  • Next up are several questions for you to fill out to bring the severity of the data breach into view. From this point on, our assessment based on the ENISA methodology starts, to give you an indication of the impact of the data breach. More information on the calculation and question weights can be found later in this article.

4. Ease of Identification

  • For this section, simply fill out whether the data subjects that were affected are easily identifiable based on the data that was leaked.
    • Feel free to add a justification for this answer.

5. Circumstances of the breach

  • For this section, you’re required to answer a few more questions concerning how the data breach happened, whether it’s intelligible and whether it poses a risk to the affected data subjects.
  • Each question comes with an optional justification.

6. Projected Impact

  • Impact level: This displays an automatically calculated impact level based on all your answers, with a short explanation of what it means.
  • You can agree or disagree with the calculated impact level.
    • If you agree with the calculated impact level, you can continue with adding justifications and proceed to the next section.
    • If you disagree with the calculated impact level, you can add a justification for why you disagree and then scroll down to ‘Decided Score’, where you can enter your own estimated impact level. You can then proceed to the next section.

7. Summary

  • In the summary you are free to enter any additional information you would like to share concerning the data breach and its impact, as well as conclusions and next steps.

Data Breach Assessment

Whenever you indicate that personal data has been breached as a result of the security incident, you will be guided through our assessment, based on the ENISA methodology, of the impact resulting from such a data breach.

RESPONSUM will provide you with a suggested impact score on the “Projected Impact” page.

The following calculation is used for this assessment:

Impact score = “Leaked data” (DPC) x “Ease of identification” (EI) + “Circumstances” (CB)
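
The formula above, worked through as an added example (this is not RESPONSUM's code). The value ranges and level thresholds are taken from the public ENISA severity methodology and are assumptions here, since this page does not list RESPONSUM's question weights; the class and field names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed from the public ENISA methodology, not from RESPONSUM's configuration.
EI_LEVELS = {"negligible": 0.25, "limited": 0.5, "significant": 0.75, "maximum": 1.0}
CB_STEPS = (0.0, 0.25, 0.5)      # allowed score per confidentiality/integrity/availability loss
MALICIOUS_INTENT = 0.5           # added once when the breach was intentional
THRESHOLDS = ((4.0, "Very High"), (3.0, "High"), (2.0, "Medium"))  # below 2.0 is "Low"
LEVEL_NAMES = {"Low", "Medium", "High", "Very High"}


@dataclass
class BreachAssessment:
    dpc: int                          # "Leaked data" score, 1 (simple) to 4 (sensitive)
    ei: str                           # "Ease of identification" level name
    confidentiality: float = 0.0
    integrity: float = 0.0
    availability: float = 0.0
    malicious: bool = False
    decided_level: Optional[str] = None   # reviewer's "Decided Score", if they disagree

    def circumstances(self) -> float:
        losses = (self.confidentiality, self.integrity, self.availability)
        if any(v not in CB_STEPS for v in losses):
            raise ValueError(f"each loss score must be one of {CB_STEPS}")
        return sum(losses) + (MALICIOUS_INTENT if self.malicious else 0.0)

    def score(self) -> float:
        if self.dpc not in (1, 2, 3, 4):
            raise ValueError("DPC must be an integer from 1 to 4")
        if self.ei not in EI_LEVELS:
            raise ValueError(f"EI must be one of {sorted(EI_LEVELS)}")
        return self.dpc * EI_LEVELS[self.ei] + self.circumstances()

    def calculated_level(self) -> str:
        s = self.score()
        return next((name for floor, name in THRESHOLDS if s >= floor), "Low")

    def final_level(self) -> Tuple[str, bool]:
        """Return (level, overridden); the calculated level stays available for audit."""
        if self.decided_level is None:
            return self.calculated_level(), False
        if self.decided_level not in LEVEL_NAMES:
            raise ValueError(f"decided level must be one of {sorted(LEVEL_NAMES)}")
        return self.decided_level, self.decided_level != self.calculated_level()


# Constructed sample: DPC 3, significant identifiability,
# full loss of confidentiality, malicious intent.
sample = BreachAssessment(dpc=3, ei="significant", confidentiality=0.5, malicious=True)
```

For the constructed sample, DPC × EI is 2.25 and CB is 1.0, so the score of 3.25 falls in the "High" band under the assumed thresholds.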

Leaked data (DPC)

Ease of identification (EI)

Circumstances (CB)

If you have any questions related to this guide or way of working, please reach out to support@responsum.eu for assistance.
