French GDPR Data Breach Notification Form
About this free form template

French GDPR Data Breach Notification Form: Fast, Compliant Reporting for EU Businesses

When a personal data breach occurs, time is critical. Under GDPR Article 33 and French law enforced by the Commission Nationale de l'Informatique et des Libertés (CNIL), organisations must notify the supervisory authority within 72 hours of becoming aware of a breach—unless the breach is unlikely to result in a risk to individuals' rights and freedoms.

This French GDPR Data Breach Notification Form template is designed to help businesses operating in France streamline their breach reporting process, ensure all required information is captured accurately, and meet the strict 72-hour deadline with confidence.

Who needs this form?

This template is essential for:

  • Data Protection Officers (DPOs) managing incident response and regulatory reporting
  • IT and security teams responsible for breach detection and containment
  • Legal and compliance professionals coordinating with CNIL and affected parties
  • Small to medium businesses operating in France or processing French residents' data
  • Enterprises with French subsidiaries needing localised breach reporting workflows
  • SaaS companies and cloud providers serving European customers

Whether you're a French SARL, SAS, SIRET-registered business, or an international organisation with French operations, this form helps you stay compliant with CNIL requirements and demonstrate accountability under GDPR.

What's included in this template?

This template captures all mandatory information required by CNIL for breach notifications:

  • Organisation identification: Company name, SIRET number, contact details and DPO information
  • Breach discovery timeline: Date and time the breach was discovered, so the 72-hour deadline can be tracked
  • Nature of the breach: Type of incident (unauthorised access, data loss, ransomware, etc.)
  • Data categories affected: Personal data types compromised (identity, financial, health, special categories)
  • Number of affected individuals: Estimated count of data subjects impacted
  • Potential consequences: Assessment of risks to individuals' rights and freedoms
  • Mitigation actions taken: Immediate containment measures and remediation steps
  • Communication plans: Whether affected individuals will be notified, and on what timeline
  • Cross-border implications: Whether other EU supervisory authorities need notification

The form is structured to guide your team through the reporting process systematically, reducing the chance of missing critical details during a high-pressure incident response.

Why use Paperform for GDPR breach reporting?

Speed and accessibility: When a breach is detected, your team needs to act fast. This Paperform template can be accessed instantly from any device, filled out collaboratively, and submitted to CNIL without delay. No more scrambling with Word documents or email chains during a crisis.

Secure data handling: Paperform is SOC 2 Type II compliant and offers data residency controls, ensuring your breach notification data is handled with the same security standards you apply to your own systems. All submissions are encrypted and stored securely.

Automated workflows with Stepper: Connect your breach notification form to Stepper, Paperform's AI-native workflow builder, to automatically trigger critical next steps:

  • Send instant alerts to your DPO, legal counsel and senior management
  • Create incident response tickets in your project management system
  • Log breach details in your compliance database or GRC platform
  • Schedule follow-up tasks for impact assessment and individual notifications
  • Generate audit trails for regulatory compliance and internal reviews

Conditional logic for smart reporting: Use Paperform's conditional logic to show or hide fields based on breach severity, data categories affected, or whether cross-border notification is required. This keeps the form streamlined and relevant to each specific incident.

Multi-language support: While this template is designed for French regulatory compliance, you can easily translate field labels and instructions to support multilingual teams across your European operations.

GDPR breach notification in context

GDPR requires organisations to notify their supervisory authority (in France, that's CNIL) within 72 hours of discovering a breach that poses a risk to individuals. Late notification can result in significant fines—up to €10 million or 2% of global annual turnover, whichever is higher.

Beyond CNIL notification, if the breach poses a high risk to individuals, you must also notify affected data subjects directly. This form helps you document both your notification obligation to CNIL and your plans for individual communication, keeping your entire incident response process organised and auditable.

For French businesses, this intersects with existing regulatory obligations around SIRET registration, URSSAF compliance, and sector-specific data protection rules. Having a standardised breach notification process demonstrates your commitment to responsabilité (accountability) under GDPR.

How to use this template

  1. Customise for your organisation: Add your company logo, DPO contact details, and internal incident classification system
  2. Train your incident response team: Ensure IT, security and legal teams know where to access the form and what information to gather
  3. Integrate with your security stack: Use webhooks or Stepper to connect breach notifications with your SIEM, ticketing system or compliance platform
  4. Set up notifications: Configure email alerts to your DPO and executive team whenever a breach is reported
  5. Review and submit to CNIL: Use the form submission as your initial notification document, then follow up with CNIL's online portal or designated email

Beyond breach notifications: Build your compliance toolkit

Paperform is trusted by over 500,000 teams worldwide for professional forms and workflow automation. With SOC 2 Type II compliance, GDPR readiness, and powerful integrations, it's the ideal platform for building your complete compliance toolkit—from data subject access requests and consent forms to vendor risk assessments and internal audits.

Whether you're a French startup scaling across Europe or an established business modernising your compliance processes, this GDPR breach notification template helps you respond to incidents quickly, transparently and in full compliance with CNIL requirements.

Ready to protect your business and your customers? Use this template as your first step in building a robust, automated data breach response process that meets French and EU standards.
