Skip to main content


Download With Dependencies

This Content Pack helps you facilitate the breach notification process according to the GDPR requirements, in response to a data breach incident.

GDPR data breach investigations require security teams to reconcile data from multiple sources, and follow a series of processes to notify the relevant sources, according to the sensitivity of the information breached. Valuable time is lost shuttling between screens and executing repeatable tasks while the sensitive data is out there and the SLA time to handle the incident keeps ticking.
The ‚ÄėGDPR‚Äô content pack contains the ‚ÄėGDPR Breach Notification‚Äô playbook, that automates response to a data breach incident according to the GDPR requirements. The pack also contains the corresponding GDPR automation scripts, incident fields, views and layouts to facilitate the breach notification process.
The General Data Protection Regulation (the GDPR) is a regulation in EU law on data protection and privacy of individuals. Disclaimer: This pack does not ensure compliance to the GDPR regulation. Before using the pack, we advise consulting with the relevant authorities, and adjusting it to the organization’s needs.

What does this pack do?

The playbook triggers a GDPR breach incident, and then performs the required tasks that are detailed in GDPR Article 33.
The playbook included in this pack helps you save time and automate repetitive tasks associated with GDPR breach notification incidents:

  • Gather the relevant data that is a part of the GDPR Data Breach incident and notify the organization‚Äôs Data Protection Officer about the breach.
  • Choose the required remediation path to follow by the GDPR based on the DPO‚Äôs investigation.
  • Create a SLA timer of 72 hours for the notification of the relevant supervisory authority, as required by the GDPR Article 33.
  • Generate a breach report as required by the GDPR Article 33.
  • Notify the relevant authorities based on the affected company‚Äôs country.
  • If needed, notify the affected individuals about the breach.

As part of this pack, you will also get out-of-the-box malware incident type views, with incident classification mapping, fields and a full layout. All of these are easily customizable to suit the needs of your organization.

For more information, visit our Cortex XSOAR Developer Docs





Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByCortex
CreatedJuly 26, 2020
Last ReleaseNovember 8, 2022

Content packs are licensed by the Publisher identified above and subject to the Publisher‚Äôs own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as ‚ÄúPalo Alto Networks-certified‚ÄĚ or otherwise. For more information, see the Marketplace documentation.