IIJ GDPR Incident Management and Support Service

Experts Work Together with Your Incident Support Team to Provide Advice

As many companies rarely communicate with Supervisory Authorities and data subjects on a regular basis, IIJ experts will visit the concerned site when an incident occurs and work with the incident response team on-site to provide advice on how to properly submit reports and release information to Supervisory Authorities and data subjects in EU.

Various Task Support

Many companies are not familiar with the actual reports that need to be submitted to Supervisory Authorities. Trying to create documentation from zero when an incident occurs is a sure way to failure. Internal accommodations also take up time and manpower, so outsourcing tasks such as document creation allows your organization to focus on collecting information, making the right decisions, and giving proper instructions. This service also performs various tasks, such as creating necessary documents, per your request.

Submission of Reports to Supervisory Authorities within 72 Hours

GDPR requires companies to submit reports to Supervisory Authorities within 72 hours once a controller realizes that a personal data breach has occurred (*1). The period of initial investigation does not count as the state of awareness (*1). If the period of initial investigation is long, it is certainly possible to submit the report within 72 hours. If a third party submits a report before you to the Supervisory Authority indicating that personal data was stolen/lost or a large-scale service outage has occurred, fines will be severe in this case. For this reason, it is critical for companies to submit an initial report to the Supervisory Authorities as soon as possible.

By subscribing to this service, there is no need to worry about contract procedures during an incident. We will immediately be available to provide support during such situations.

It is necessary, however, to have a sufficient understanding of the service user's system/organization for handling personal data beforehand. For this reason, we highly recommend that you also have a contract for the IIJ DPO Outsourcing Service.

1. (*1) Awareness as defined in page 11 of "Guidelines 9/2022 on personal data breach notification under GDPR" (GDPR guidelines PDF)

We Work with Your Insurance

Providing incident support requires urgency, important decision-making, and the intensive focus to perform these tasks. Experts may need to perform work at night, weekend, or on holiday, which results in significant cost.
Supervisory Authorities typically conduct audits on companies whenever they experience an incident. This means it is critical to devise appropriate post-action plans and to establish an organization to implement the new policies. The expense to have such temporary support from experts also tends to be quite costly. These costs are covered by insurance policies that include special GDPR clauses. We recommend to effectively use insurance in this way. We can also provide recommendations on insurance programs that offer GDPR clauses.