Data breach log
The Data breach log is a log where all security breach incidents are recorded.
The sections below explain how to create and edit security breach incidents.
How to work in the Data breach log
To create a new incident in the Data breach log, click on ‘Create log entry’ (1) and a form will open. To edit an event that has already been created, click the edit icon (2).
In addition, you will find some other features in the data breach log:
3. Delete
- Here you can delete an incident.
4. Overview
- Here you can see the files that may be attached to the incidents.
5. Export
- Export the data breach log to an external Excel file.
6. Notify of new incidents
- Turn on notifications so that you get a notification every time a new incident is created.
Incident description
In the form, you must describe the incident so that it is clear when it happened and how long it lasted.
Incident registration/editing – files
1. Attachments
- When you register or edit an incident, the first thing you get to do is upload a file. Press “Attachments” and then “Select files” to upload a relevant file.
2. Title/character of the incident
- Give the incident a name. For example, this could be “data breach in department”, “
3. Name and contact information of the data controller or DPO
- Fill in name, e-mail, tel., and office/department.
4. What happened?
- Describe what happened when the incident occurred.
5. Date for the incident
- Clicking on this field opens a calendar where you select the date the incident happened. If the incident lasted for several days, select the day the incident occurred, and use the field below to specify how long it lasted.
Further assessment of the incident
Once you have filled in the basic information about the incident, you must make a detailed assessment of the incident, its extent and its implications.
6. How was it discovered?
- E.g. system log, long response time, smoke from machine, message from others
7. What was the cause?
- E.g. download from internet, open window, misunderstood procedure
8. How serious is the incident (which type of information, how many data subjects and from which category etc.)?
- E.g. low (public data), medium (internal data), high (sensitive data)
9. Risks and consequences of the incident, including, if relevant, justification for not reporting to the Data Protection Authority
- If the risk assessment of the incident shows that there is a likely risk to the rights and freedoms of a natural person, the Data Protection Authority must be notified of the incident. See the deadline above, which is calculated based on when the incident was discovered.
What has been done about the incident?
You must also explain how you have chosen to follow up on the incident through the following fields:
10. How is the damage reduced?
- Describe the measures taken or proposed by the controller to deal with the breach of personal data security, including, where appropriate, measures to limit its potential adverse effects.
11. Who participated in the solution?
- E.g. supplier, security specialist
12. Can the incident reoccur?
- E.g. ‘no – the unauthorized access is removed in the access control’
13. Measures to prevent future incidents
- Describe the measures that have been implemented, that you are in the process of implementing, and that you have plans to implement to lower the risk of further incidents.
14. What is affected by the incident?
- Confidentiality/integrity/availability of data
15. Reported to authority
- You must answer either “yes” or “no” to whether the incident has been reported to the authority.
16. Who has been informed (including the affected persons and justification if they have not been informed)?
- This could be the department, service portal, authorities etc.
17. Any additional information
- Any additional information that you find important, such as technical information, e.g. characteristics, operating system, IP address, police report