If you have not already done so, please let the administrator employee, where the breach occurrd, notifidWith the customer who receivd the contract containing personal data, you should agree on the method of its return collecting the contract by courier) and ask him not to open the package (unless it has already been opend) and not to copy the data and not to share it with other people . In addition, I recommend that the main victim, the data subject, be notifid of the incident as soon as possible.
Using means of direct remote communication
In my experience, it is best if the first contact is made by phone (if we have a telephone number). It is primarily a quick way phone number list of contact, which allows for a thorough explanation during the conversation about what has happend, what it involves, what has already been done and what will be the next steps. Only after that, an e-mail with official information is sent, but people are warnd that they will receive a message in the mailbox and are no longer surprisd.
At the employee s home address in particular
Providing information in a way that demonstrates. That it has been done is essential for the accountability principle. And email is a good tool. Of Bold Data course, if the breach affectd a large group of people, calling would be rather impossible. I independently prepare the content of the information that will be sent to the. Person whose data has been breachd. In accordance with the requirements set out in. Article 34 of the GDPR) and to the person to. Whom the data has been transferrd and I am asking the administrator’s employees to send it today.