Data Breach Response Plan
GDPR requires you to report data breaches within 72 hours. Cybersäkerhetslagen requires an early warning to MCF within 24 hours. Both require documented procedures to already be in place. We write your complete response plan — before you need it.
A data breach does not announce itself. It happens on a Friday afternoon or is discovered on Monday morning. When it does, two clocks start immediately.
Two separate legal deadlines — both start the moment you become aware of a breach GDPR (all companies): 72 hours to notify Datainspektionen (IMY). Cybersäkerhetslagen / NIS2 (in-scope companies): 24-hour early warning to MCF, then a full 72-hour notification, then a final report within one month. Most companies have procedures for neither. |
Companies with a written, rehearsed response plan handle breaches faster, notify regulators correctly, and typically receive significantly lower fines than companies that improvise. Regulators look for documented evidence that you prepared — not that you panicked.
We write a tailored Data Breach Response Plan for your organisation: who does what, in what order, with what information, within what timeframe. Delivered in Swedish or English.
WHAT YOU GET
Full Data Breach Response Plan tailored to your company structure
GDPR procedure: 72-hour notification to Datainspektionen (IMY) with template notification letter
NIS2 procedure: 24-hour MCF early warning + 72-hour notification + 1-month final report (for in-scope companies)
Internal escalation flow — who to call, in what order
One-page quick-reference checklist for staff to follow under pressure
Template notification letters to regulators and affected individuals
Who needs this | Every company that handles personal data. Critical for NIS2-regulated sectors, healthcare-adjacent businesses, and companies handling payment or sensitive personal data. |
Timeline | 5–7 business days |
Delivered as | Written plan (Word + PDF) + 1-page checklist — Swedish or English |
Price | 8,900 kr (fixed price) |
