How to Handle a Data Breach: Step-by-Step Guide
workro desk team·7 min read·20 October 2025
Immediate Response (First 1 Hour)
- Contain the breach: isolate affected systems
- Revoke compromised credentials
- Notify IT Head and management
- Begin documenting everything
Investigation (Hours 1-24)
- Identify what data was affected
- Determine how the breach occurred
- Assess the scope of exposure
- Preserve evidence for investigation
Notification (Within 72 Hours)
Under the DPDP Act 2023, notify the board and affected Data Principals within 72 hours of becoming aware of a breach involving personal data.
Recovery and Prevention
- Apply the fix that prevents the breach from recurring
- Restore data from backups if needed
- Update security controls
- Conduct post-incident review
- Update incident response procedures