# DPC GDPR Data Breaches (Self-Assessment) > Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill. Tags: DPC, GDPR, Ireland, Compliance, Breach ## Example Prompts - Draft our data breach incident response plan for the DPC checklist - Assess our procedures for notifying the DPC and data subjects - Document breach documentation and processor cooperation requirements URL: https://rakenne.app/skills/dpc-gdpr-data-breaches/index.md Try this skill: https://rakenne.app/a/?skill=dpc-gdpr-data-breaches ## Overview Breach preparedness for DPC checklist: incident response plan, procedures to notify DPC and individuals, documentation, and cooperation. For actual notification use DPC GDPR Breach Notification skill. ## Getting Started Add your source materials to the project workspace, then activate the *DPC GDPR Data Breaches (Self-Assessment)* skill. The agent will guide you through the process step by step. ## Example conversation **You:** We don't have a formal incident response plan yet. We need one that covers detecting breaches, deciding when to notify the DPC and individuals, and documenting everything—aligned to the DPC checklist. **Agent:** I'll draft an incident response plan and procedures using the breach *preparedness* reference (not the notification form itself). I'll include: detection and containment, risk assessment, decision to notify DPC within 72h and/or data subjects, internal record-keeping when we don't notify, and cooperation with processors. I'll also add a checklist so you can confirm procedures are documented and regularly reviewed, as the DPC self-assessment asks. ## Output excerpt ### Incident response plan (excerpt) 1. **Detection and reporting** — Any staff who become aware of a potential breach report to [designated contact]. Log time and initial facts. 2. **Containment** — [IT/Security] contain and prevent further exposure; preserve evidence if needed. 3. **Risk assessment** — Assess: nature of data, volume, sensitivity, likelihood and severity of risk to individuals. Document: risk level (Severe/High/Medium/Low), decision on notifying DPC (Art. 33) and data subjects (Art. 34). 4. **Notification** — If notifying: complete DPC form within 72h; if high risk to individuals, inform them without undue delay. Use the *DPC GDPR Breach Notification* skill for the actual notification content. 5. **Internal record** — Document every breach (including those not notified): what happened, rationale, who decided, risk rating. 6. **Cooperation** — Coordinate with processors per contract; review and update procedures periodically. ## Extension and validation This skill does not include custom validation tools. Elaboration is guided by the skill workflow and reference materials. You can add tools in `extension.ts` later (e.g. to check required sections or checklist coverage) if you want automated validation. --- Back to [Skill Library](https://rakenne.app/skills/index.md)