breach-documentation
Maintaining Breach Documentation Records
Overview
Article 33(5) of the GDPR requires every controller to document all personal data breaches, regardless of whether the breach triggered supervisory authority notification. The documentation must include "the facts relating to the personal data breach, its effects and the remedial action taken" and must "enable the supervisory authority to verify compliance with this Article." This creates a comprehensive breach register that serves as a primary accountability document under Art. 5(2).
Mandatory Documentation Requirements — Art. 33(5)
Facts Relating to the Breach
Every breach register entry must document:
| Field | Description | Example |
|---|---|---|
| Breach reference number | Unique sequential identifier | SPG-BREACH-2026-003 |
| Discovery date and time | UTC timestamp when controller became aware | 13 March 2026, 14:30 UTC |
| Breach date and time | UTC timestamp of the breach itself (if different from discovery) | 13 March 2026, 11:15 UTC |
| Breach type | Confidentiality, integrity, availability, or combined | Availability (primary), Confidentiality (under investigation) |
| Breach description | Factual narrative of what occurred | LockBit 3.0 ransomware encrypted production customer database cluster. Attack vector: compromised service account obtained via spear-phishing. |