Data breach response checklist
Work through containment, assessment, and communication tasks in the hours and days after discovering a data breach. Each task has an optional note field for a timestamp, an owner, or a link — check items off as you complete them, then export the whole checklist (with your notes) to a branded PDF or a CSV to share with legal counsel or leadership.
Frequently asked questions
Why preserve logs before starting remediation?
Remediation steps — patching a server, rotating credentials, rebuilding a system — often overwrite or delete the evidence you need to determine exactly what was accessed and by whom. Regulators and cyber-insurance providers will ask for this evidence, and without it you're forced to over-disclose (assuming the worst-case scope) because you can't prove a narrower one. Snapshot or export logs first, then remediate.
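A minimal way to do that first step, as an added shell example that is not part of this checklist tool: it copies a log directory into an evidence folder, records a SHA-256 manifest plus capture time and operator, and makes the copy read-only so it can be re-verified later. It assumes GNU coreutils (`sha256sum`) and uses constructed sample log lines.

```shell
#!/bin/sh
# Added example, not part of the checklist tool: snapshot log files into an
# evidence directory with a SHA-256 manifest and a capture record BEFORE any
# remediation touches them, so a later reviewer can show the copy is intact.
set -eu

# preserve_logs SRC_DIR EVIDENCE_DIR
# Copies SRC_DIR into EVIDENCE_DIR/logs (keeping modification times for the
# timeline), writes MANIFEST.sha256 and CAPTURE.txt, then makes the copy
# read-only. Prints the number of files recorded in the manifest.
preserve_logs() {
  src="$1"; dest="$2"
  mkdir -p "$dest/logs"
  cp -Rp "$src"/. "$dest/logs/"
  ( cd "$dest/logs" && find . -type f -exec sha256sum {} + | sort -k2 ) \
    > "$dest/MANIFEST.sha256"
  {
    echo "captured_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    echo "source=$src"
    echo "captured_by=$(id -un)"
    echo "host=$(uname -n)"
  } > "$dest/CAPTURE.txt"
  chmod -R a-w "$dest/logs" "$dest/MANIFEST.sha256"
  wc -l < "$dest/MANIFEST.sha256" | tr -d ' '
}

# verify_snapshot EVIDENCE_DIR
# Exits 0 only if every file still matches the manifest taken at capture time.
verify_snapshot() {
  ( cd "$1/logs" && sha256sum -c --quiet ../MANIFEST.sha256 )
}

# Demo on constructed sample log lines (hypothetical entries, not real data).
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/var-log"
  printf 'Mar 3 02:14:07 web1 sshd[812]: Accepted publickey for deploy\n' \
    > "$work/var-log/auth.log"
  printf '10.0.0.5 - - [03/Mar/2024:02:15:01 +0000] "GET /export" 200\n' \
    > "$work/var-log/access.log"
  count=$(preserve_logs "$work/var-log" "$work/evidence")
  echo "preserved $count files under $work/evidence"
  verify_snapshot "$work/evidence" && echo "manifest verified"
}

demo
```

Run the verification again after remediation (or before handing the folder to counsel or an insurer) to show the preserved copy was not altered.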
What's the actual GDPR notification deadline, and does it apply to every business?
Under GDPR, a breach likely to result in risk to individuals must be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it — this applies to any business processing personal data of EU residents, not just EU-based companies. Other jurisdictions (e.g. US state laws, Australia's Notifiable Data Breaches scheme) have their own deadlines and thresholds, so confirm which regimes apply to your user base before assuming GDPR's 72-hour window is the only one you need to hit.
How do I estimate what a breach will actually cost before deciding how much to invest in response?
Breach costs come from several buckets — regulatory fines, customer notification and credit monitoring, legal fees, lost business from customer churn, and remediation engineering time — and estimating them upfront helps justify the response budget to leadership. Use the Data breach cost estimator to get a rough figure for your specific user count and data sensitivity before finalising your response plan.