Data breach log
The Data breach log is a log where all security breach incidents are recorded.
In the section below, creating and editing security breach incidents will be reviewed.
How to work in the Data breach log
To create a new incident in the Data breach log, click on ‘Create log entry’ (1) and a form will open. To edit an event that has already been created, click the edit icon (2). In addition, you will find some other features in the data breach log:
3. Delete an incident.
4. Here you can see the files that may be attached to the incidents.
5. Export to Excel.
6. Turn on notifications so that you get a notification every time a new incident is created.
7. Overview of the various incidents, with selected information that is visible already in the overview.
Incident registration/editing – files
When you register or edit an incident, the first thing you can do is upload a file. You do this by either dragging the file into the field or clicking on the ‘Select files’ button, which will direct you to your files.
In the form, you must describe the incident so that, among other things, it is clear when it happened and how long it lasted.
- Name and contact information of the data controller or DPO: Here it is relevant to fill in name, e-mail, tel., and office / department.
- Date for the incident: By clicking on the field here, a calendar opens where you need to select the date the incident happened. If the event has lasted for several days, select the day the event occurred, as you can use the field below to specify how long the incident lasted.
- The duration of the incident: Write here how long the incident lasted.
- Where did the incident occur? Depending on the type of data breach, it may be the physical address, office, PC name/number, network, or other information that helps describe where the incident occurred.
- How was it discovered? Here you need to describe how the incident was discovered. For example, it may have been discovered through a system log or long response times. It can also have been through a message from others.
- The nature of the incident? When describing the nature of the incident, you can choose to list e.g. virus, theft or lost data.
- What was the cause? Here you need to describe the reason why the data breach occurred. For example, it may be through downloading from the Internet or a misunderstood procedure.
Further assessment of the incident
Once you have filled in the basic information about the incident, you must make a detailed assessment of the incident, its extent, and who and what is affected by it.
- How serious is the incident? How many and which data subjects are affected? Which data is affected? Here you can, for example, indicate the severity of the consequence as low, medium or high. Low means that public data is affected, medium that internal data is affected, and high that sensitive data is affected. In addition, you need to describe in more detail to what extent data subjects are affected and who they are.
- What is affected by the incident? In this field, it may be confidentiality that is affected by the security breach, but it may also be e.g. availability of data.
- Assessment of the risk and the consequences of the incident: The assessment of the risk and consequence is important, as the Data Protection Agency must be notified within 72 hours if there is a risk that, or it is a consequence of the data breach that, persons’ rights and freedoms are violated.
What has been done about the incident?
As the last step in filling out the form, you must explain how you have chosen to follow up on the incident through the following fields:
- Who is possibly informed? Describe here who you may have chosen to inform about the incident. By clicking on the blue icon in the right corner of the box, a box will open with examples of who you could have informed.
- How is the damage reduced? Describe the measures that have been taken or proposed to be taken to deal with the personal data breach, including, where appropriate, measures taken to limit the damage caused by the data breach.
- Who participated in the solution? Describe who participated in resolving the data breach.
- Can the incident reoccur? Here you must assess whether the incident can reoccur, and you can, for example, answer no to this if you have decided to make changes so that such a breach is no longer possible.
- Log information: Describe whether a log of the course of the incident exists and where it can be accessed.
- Measures to avoid future incidents: What has been done to ensure that such data breaches do not occur in the future?
- Reported to authority: By clicking on the field, the options ‘yes’ and ‘no’ appear. It must be stated here whether you have found it necessary to report to an authority. If the answer is yes, an additional field will open where the reference number must be given.
Completion of the data breach form
At the end of the form, there is a field in which additional information can be filled in. By clicking on the blue icon in the right corner, you can elaborate on what additional information can be given.
When you’re done filling out the form, click ‘create’ in the bottom right corner to make sure everything you’ve typed in is saved.