The First 72 Hours After a Breach

Live session with the Data Protection Made Easy community

When a personal data breach occurs, the clock starts ticking immediately.

The decisions made in the first few hours can have a significant impact on the outcome, affecting regulatory obligations, reputational damage, customer trust, and the overall response effort. Yet many organisations are unsure what they should actually be doing when a breach first comes to light.

Hosted by Caine Glancy and Catarina Santos, this live discussion will explore the critical steps organisations should take immediately following a breach, helping attendees understand what a proportionate and effective response looks like when every minute counts.

Whether you are responsible for managing breaches, supporting compliance activities, or preparing your organisation for potential incidents, this session will provide practical guidance based on real-world experience.

What This Session Will Cover

During the session, Caine and Catarina will walk through the key actions organisations should take in the immediate aftermath of a personal data breach, including:

• Containing the incident and limiting further risk
• Assessing what has happened and who may be affected
• Determining whether notification obligations apply
• Managing internal and external communications
• Avoiding common mistakes that can make a situation worse
• Lessons learned from real-world breach scenarios
• Building a structured and effective breach response process

Why This Topic Matters

Personal data breaches can happen in any organisation, regardless of size, sector, or maturity.

The challenge is often not the breach itself, but how quickly and effectively the organisation responds. Delays, poor decision-making, inadequate communication, or failures to assess risk properly can significantly increase the impact of an incident.

A well-managed response can help organisations meet their regulatory obligations, minimise harm to affected individuals, and reduce the likelihood of long-term reputational damage.

This session will help attendees understand how to approach breach response with confidence and make informed decisions during the most critical stages of an incident.

Who Should Attend?

This session is useful for anyone involved in data protection, governance, compliance, risk management, or incident response, including:

• Data Protection Officers
• Compliance and risk teams
• Information governance professionals
• Senior leaders responsible for accountability
• IT and cyber security teams
• Incident response teams
• Anyone responsible for managing personal data breaches

Meet Your Hosts

Catarina Santos

Catarina is Head of Consultancy at Data Protection People and supports organisations across a wide range of sectors. She has extensive experience helping organisations respond to complex data protection challenges and manage regulatory risk.

Caine Glancy

Caine is the Data Protection Support Desk Manager at Data Protection People. He works closely with organisations navigating real-world data protection issues and regularly supports breach response and incident management activities.

Join the Data Protection Made Easy Community

This session will be hosted live in front of the Data Protection Made Easy community, giving attendees the opportunity to hear expert insight, ask questions, and learn from the experiences of fellow data protection professionals.

Our community brings together more than 1,700 data protection professionals who join us regularly for live sessions, podcasts and practical discussions designed to make data protection easier to understand and easier to do.

Book Your Place

Join us live for a practical discussion on the first 72 hours after a breach and learn how to respond effectively, meet your obligations, and minimise risk when a personal data incident occurs.

Secure Your Place