How We Handle Security Incidents and Data Breaches
What is a data breach?
Any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data — i.e., a compromise of confidentiality, integrity, or availability.
Our incident response process
- Detection & alerting: Automated detection (e.g., Microsoft Sentinel / Azure Security Center) and DDoS protection.
- Triage & containment: Immediate actions to limit impact and stabilise systems.
- Analysis & remediation: Root-cause analysis, fix, and recovery of affected services/data.
- Communication: Structured customer notification per the DPA (including interim updates if needed).
- Documentation & closure: Full logging and a final incident report with impact assessment and measures.
Internal assessment & documentation
Each incident is recorded in our ticketing system (timeline, affected systems/data categories, actions taken).
Audit logs, forensic evidence, and decisions are retained for review.
Customer notification
- Timeline: without undue delay and no later than 24 hours after becoming aware (as per the DPA)
- Content: nature of the breach, affected data categories/number of individuals, likely causes, measures taken/planned, and — where appropriate — recommendations regarding end-user notifications
Supervisory authority notifications
Notifying data protection authorities is the responsibility of the data controller (customer).
We support assessment and preparation; under the GDPR the typical deadline is 72 hours from awareness (Article 33 GDPR).
Lessons learned & continuous improvement
After each incident:
- Post-incident review and remediation actions
- Updates/re-tests of TOMs
- Process & playbook improvements to prevent recurrence