Breach Notification Procedure

GDPR Articles 33 & 34 — Last updated 27.03.2026

Detection

Breaches are detected through automated security event logging, auto-ban triggers, rate limiting, bot pattern analysis, and infrastructure monitoring via Supabase and Vercel.

Assessment

Upon detection: contain the incident, classify severity, assess risk to individuals, and preserve evidence.

Supervisory authority (within 72 hours)

If the breach is likely to result in a risk to individuals' rights, we notify the Danish Data Protection Authority (Datatilsynet) within 72 hours per GDPR Article 33. The notification includes nature, scope, likely consequences, and remedial measures.

Affected users (without undue delay)

If the breach is likely to result in a high risk, we notify affected users via email per GDPR Article 34, with a clear description and recommended actions.

Record

All breaches are recorded internally regardless of notification threshold, including date, scope, consequences, and remediation.

Contact

Report suspected breaches to contact@opendetail.org.

We use cookies

We use essential cookies to keep you logged in. We do not use third-party tracking or analytics cookies.

Cookie Policy · Privacy Policy