Breach Notification Policy

This policy describes how RapidLaunch detects, assesses, contains, and notifies of personal data breaches in compliance with GDPR Articles 33 and 34.

Breach Status

No data breaches have been recorded. This page serves as the authoritative record of our breach notification procedure and status.

1. Detection — Automated 5-Minute Scanner

Our infrastructure is continuously monitored by the Security MCP server, which scans all systems every 5 minutes for potential breach indicators:

Any alert from these systems is logged as a critical event in the logging system via the Logging MCP and triggers an immediate notification to the on-call engineer.

2. Containment

Upon detection of a suspected breach, the following containment steps are taken immediately:

  1. Isolate affected systems: The affected server, service, or database is isolated from the network to prevent lateral movement.
  2. Preserve evidence: System snapshots, logs, and memory dumps are taken for forensic analysis.
  3. Revoke credentials: All access credentials to the affected system are rotated.
  4. Block IPs: Any IP addresses identified as sources of the breach are blocked at the firewall level.

3. Assessment

Within 24 hours of detection, the breach response team assesses:

4. Notification to DPC (72 Hours)

Under GDPR Article 33, we must notify the Irish Data Protection Commission of a breach within 72 hours of becoming aware of it. Our notification includes:

5. Notification to Affected Users

Under GDPR Article 34, if the breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify affected users without undue delay. Notification includes:

Notification is sent via email to the affected user's registered email address. In cases where direct notification is not possible, we will publish a prominent notice on our website.

6. Documentation

All breaches, including near-misses, are documented in our internal breach register. Documentation includes:

7. Post-Incident Review

After every breach or near-miss, we conduct a post-incident review to:

8. Contact

To report a suspected data security issue or for breach-related inquiries:

Data Protection Officer: dpo@rapidlaunch.ie (subject: "Security Incident" for urgent reports)