Try this first
- 1Nature of the breach: technical (hack, malware), human (wrong mail), physical (lost laptop). Be factual, not 'we were attacked by state hackers'.
- 2Number of people affected: estimate an order of magnitude. 'Unknown, estimated between 50 and 500'. Do not dramatize, do not downplay.
- 3Type of data: list the categories. 'Name, email, phone'. Sensitive categories (health, financial, citizen number) call out separately.
- 4Possible consequences for individuals: identity theft, financial harm, reputational damage. Be realistic.
- 5Measures taken or planned: technical (password rotation, MFA enforcement), procedural (training), communication (mail to those affected).
When to bring us in
For a heavier notification (medical data, children, large numbers): have a GDPR expert review. We have a regular partner, one evening of work saves a lot of hassle later.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.