We can help you set up an internal procedure to comply with the data controller's obligation to notify the CNIL of any personal data breach within 72 hours of discovering it:

• facilitating the escalation of information about a security incident to the appropriate people (data protection officer / security manager / legal department / senior management, etc.),
• determine whether the security incident is a data breach based on its impact on the availability, integrity or confidentiality of personal data,
• assess the risk presented by the data breach to determine whether it should be notified to the CNIL and/or communicated to the persons concerned,
• transform the RGPD's documentation obligations into an opportunity to strengthen the company's level of security.