Data Breach Notification Policy

1. Purpose

This policy outlines Location Science GmbH’s procedures for detecting, reporting, and responding to data breaches in compliance with Article 33 and 34 of the GDPR.

2. Definition of a Data Breach

A data breach is a security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

3. Detection and Assessment

3.1 Monitoring Systems

Regular security monitoring
Automated alert systems
Employee reporting procedures

3.2 Assessment Criteria

Nature of personal data affected
Number of data subjects affected
Likelihood of risk to rights and freedoms
Severity of potential impact

4. Notification Procedures

4.1 Internal Reporting

Immediate reporting to Data Protection Officer
Documentation of breach details
Assessment of risk level

4.2 Supervisory Authority Notification

Within 72 hours of becoming aware
Required information:
- Nature of breach
- Categories of data affected
- Approximate number of data subjects
- Contact details of DPO
- Likely consequences
- Measures taken/proposed

4.3 Data Subject Notification

Without undue delay when high risk
Clear and plain language
Description of breach
Contact details of DPO
Measures taken/proposed
Recommendations for data subjects

5. Response Measures

5.1 Immediate Actions

Containment of breach
Assessment of impact
Documentation of incident

5.2 Remedial Actions

System security review
Implementation of additional safeguards
Staff training if needed
Policy updates if required

6. Documentation

All data breaches will be documented, including:

Facts of the breach
Effects of the breach
Remedial actions taken
Lessons learned

7. Review and Updates

This policy will be reviewed:

Annually
After significant security incidents
When required by law

Last Updated: 06.04.2025