Step 1: Identify and Contain: The first step is to identify that a breach has occurred and take immediate steps to contain it. This includes stopping unauthorised access, closing security vulnerabilities, and preventing further data exposure.

Step 2: Assess the Impact: Organisations should assess the potential consequences of the breach, including the types of data exposed, the number of affected individuals, and the potential harm.

Step 3: Report to Authorities: If the breach meets the criteria for reporting, organisations must notify the appropriate supervisory authority. The notification should include details about the breach, its consequences, and the measures taken to address it.

Step 4: Notify Data Subjects: Depending on the severity of the breach, organisations may need to notify affected individuals. This notification should provide clear and understandable information about the breach and its potential impact.

Step 5: Mitigate and Prevent: After reporting and notifying as necessary, organisations should work to mitigate the impact of the breach, prevent further breaches, and improve security measures to avoid similar incidents in the future.