Step 1 of 1: Incident Details

Configure Your Breach Response

Enter when you became aware and select applicable frameworks. Countdown timers and checklists generate instantly. Nothing leaves your browser.

Organisation Name

Incident Reference / ID

Date & Time You Became Aware *

Starts the 72-hour clocks for DPDPA, GDPR, UK GDPR, Saudi PDPL, Thailand PDPA, and UAE PDPL.

Estimated Number of Individuals Affected

Singapore PDPA threshold: 500+ individuals OR likely significant harm to any individual.

🇸🇬 Singapore PDPA: Separate Determination Time Required

Date & Time You Determined the Breach Is Notifiable

The Singapore 3-calendar-day clock runs from DETERMINATION, not from discovery. Enter the moment you concluded the breach meets the notifiability threshold (500+ individuals or likely significant harm).

Incident Severity

🟢

Low

Limited data, low sensitivity, likely no harm to individuals

🟡

Medium

Moderate exposure, some sensitivity, potential inconvenience

🟠

High

Significant personal data, sensitive categories, likely harm

🔴

Critical

Large-scale, special/sensitive data, immediate harm likely

Applicable Frameworks *

Select all jurisdictions where your data fiduciary/controller obligations arise.

🇮🇳

India

DPDPA 2023 · Rule 7

🇪🇺

EU / EEA

GDPR Arts. 33-34

🇬🇧

United Kingdom

UK GDPR · ICO

🇸🇦

Saudi Arabia

PDPL · SDAIA

🇧🇷

Brazil

LGPD · ANPD

🇸🇬

Singapore

PDPA Sec. 26D

🇹🇭

Thailand

PDPA Sec. 37

🇦🇪

UAE

PDPL Art. 17

Data Types Involved

Affects individual notification obligations and response urgency.

← Back to Assessment

✓ Breach Playbook Active

Checklist Progress 0 of 0 items complete

Live Countdown Timers

Authority Notification Deadlines

Timers update every second. Red = under 12 hours · Amber = under 24 hours · Green = more than 24 hours. Singapore timer runs from determination time.

Per-Framework Action Checklists

Response Steps

Expand each framework and check off items as you complete them. Progress tracked above.

Incident Record

Auto-generated from your inputs. Copy or download for your breach register and regulator documentation.

⚠ Legal Disclaimer

Not Legal Advice. This playbook is a practical reference tool for informational purposes only. Breach response obligations depend on specific incident circumstances, sector-specific requirements, and evolving regulatory guidance. Engage qualified legal counsel immediately upon discovery of a significant data breach.

Timelines are statutory defaults. The DPDPA s.8(6) / Rule 7 framework is untested before the DPAB; monitor guidance as enforcement develops from May 2027. Brazil deadlines (3 business days under ANPD Resolution No. 15/2024; 20 working days for supplementary report) count working/business days and exclude Brazilian national holidays, which this tool does not calculate.

Full Compliance Assessment →