Advanced | Legal | Free prompt

Personal Data Security Incident Response Plan

Structure a complete incident response plan for personal data breaches, including notifications to the data protection authority (ANPD) and affected data subjects.

Prepare the organization to respond to personal data security incidents within legal deadlines, minimizing damage, and fulfilling notification obligations (Art. 48, LGPD—Brazil's General Data Protection Law).


Real use case

BancoDigital+, a fintech serving 800,000 customers, experienced a data leak affecting 15,000 account holders (names, tax IDs, balances, and transaction history). They need to activate their incident response plan within 72 hours, as required by Brazil's data protection authority (ANPD).

Customize these fields first

COMPANY NAME, INDUSTRY, NUMBER, YES/NO — types, YES/NO, LIST

Replace the placeholders with your own context before you run the prompt. That usually improves the first output more than adding more instructions later.

Prompt

Structure a personal data security incident response plan for [COMPANY NAME], operating in the [INDUSTRY] sector, with [NUMBER] registered data subjects.

**Risk Profile:**
- Sensitive data processed: [YES/NO — types]
- Financial data: [YES/NO]
- Record volume: [NUMBER]
- Critical systems: [LIST]
- Incident history: [NUMBER] in the past 24 months

**Structure the plan in the following phases:**

1) **Preparation (pre-incident):**
   - Incident response team: composition (IT, Legal, DPO, Communications, Executive Management)
   - Roles and responsibilities for each member
   - Emergency communication channels (outside compromised systems)
   - Contracts with digital forensics and crisis PR vendors
   - Periodic simulations (tabletop exercises): annual schedule
   - Detection tools: SIEM, monitoring, alerts

2) **Detection and Analysis (0-24 hours):**
   - Incident classification criteria (severity levels 1-4)
   - Initial analysis checklist:
     - Incident type (breach, ransomware, unauthorized access, loss)
     - Data affected: categories and volume
     - Subjects impacted: number and profile
     - Identified attack vector
     - Extent of compromise
   - Escalation criteria: severity-based matrix
   - Evidence preservation (chain of custody)

3) **Containment and Eradication (24-72 hours):**
   - Immediate containment measures by incident type
   - Isolation of compromised systems
   - Access revocation
   - Threat elimination
   - Backup integrity verification

4) **Mandatory Notifications (Art. 48, LGPD):**
   - **To the ANPD** (deadline: 3 business days—Resolution CD/ANPD No. 15):
     - Notification form: all required fields
     - Minimum information: data nature, affected subjects, technical measures, risks, mitigation measures
   - **To Data Subjects** (deadline: 3 business days):
     - Clear and direct communication template
     - Channels: individual email + website notice + press (if necessary)
     - Required information (Art. 48, §1)
     - FAQ for subject inquiries
   - **Other authorities** (if applicable): Central Bank, Securities Commission, Telecommunications Agency
   - **Internal communication**: information levels by hierarchy

5) **Recovery (72 hours-30 days):**
   - Secure system restoration
   - Intensive post-incident monitoring
   - Data integrity validation
   - Gradual return to normal operations

6) **Post-Incident (30-90 days):**
   - Complete incident report (root cause analysis)
   - Lessons learned and implemented improvements
   - Policy and procedure updates
   - Corrective training
   - Follow-up communication to subjects

**Appendices:**
- Activation checklist by incident type
- ANPD notification template
- Data subject communication template
- Emergency contact list
- Decision flowchart

Base on LGPD (Arts. 46, 47, 48, and 49), Resolution CD/ANPD No. 15/2024, and NIST SP 800-61 and ISO 27035 frameworks.


How to use this prompt

  1. Replace the key placeholders first: COMPANY NAME, INDUSTRY, NUMBER, YES/NO — types.
  2. Replace any bracketed placeholders like [this] with your own context.
  3. Add extra background information when you want more tailored results.
  4. Combine multiple prompts in one conversation when you need a richer output.
  5. Save your best-performing prompts so they are easy to reuse later.
