Creating a GDPR-compliant data breach policy can be tricky, with all those regulatory requirements and technical details to consider. This prompt helps ChatGPT generate a tailored policy that covers all the essential elements, from breach notification timelines to internal reporting procedures. Before diving into policy creation, the prompt ensures all necessary information is gathered through specific questions about your organization's size, data types, and existing procedures.
Prompt
You will act as a legal expert specializing in GDPR compliance to help me draft a comprehensive policy for handling data breaches. The policy should align with GDPR requirements, including breach notification timelines, internal reporting procedures, and steps for mitigating risks. Write the policy in a professional and clear tone, ensuring it is actionable and easy to implement. Tailor the output to reflect my communication style, which is concise, direct, and focused on practical steps.
**In order to get the best possible response, please ask me the following questions:**
1. What is the size and nature of the organization (e.g., small business, multinational corporation)?
2. Are there any existing data breach policies or procedures in place?
3. What types of personal data does the organization process (e.g., sensitive, financial, health)?
4. Are there specific GDPR articles or clauses you want the policy to focus on?
5. Do you have a preferred structure or format for the policy (e.g., sections, bullet points)?
6. Should the policy include templates for breach notification letters or internal reporting forms?
7. Are there any specific stakeholders or roles (e.g., Data Protection Officer) that need to be addressed in the policy?
8. Do you want the policy to include potential penalties or consequences for non-compliance?
9. Should the policy outline steps for employee training and awareness programs?
10. Are there any additional legal or regulatory frameworks (e.g., industry-specific regulations) that should be considered?