When a personal data breach occurs at a processor level, GDPR Article 33 requires swift notification to the data controller so they can assess whether further notification to supervisory authorities or data subjects is needed. This GDPR Data Processor Breach Notification Form streamlines that critical reporting process, ensuring your contractors and service providers can report incidents accurately and within the required timeframe.

Designed for data controllers, DPOs, compliance teams, and legal departments across the EU, this template captures everything you need to assess breach severity: the nature of the incident, categories of data affected, approximate number of data subjects impacted, and the measures already taken to contain and remedy the breach. The form also prompts processors to describe likely consequences and ongoing mitigation efforts, giving you a complete picture to inform your next steps.

Because GDPR breach timelines are tight—controllers must notify supervisory authorities within 72 hours of becoming aware of a breach—this form is built for speed and clarity. Conditional logic can be added to tailor follow-up questions based on breach type or risk level, and submissions flow directly into your workflow so you can act fast. You can integrate this form with Stepper to automatically route high-risk breach notifications to your legal team, log incidents in your compliance tracker, notify your DPO via Slack or email, and trigger review processes—all without manual handoffs.

Whether you're a SaaS company working with sub-processors, a consultancy managing client data, or an enterprise coordinating multiple third-party vendors, Paperform makes it simple to stay compliant, respond quickly, and maintain a clear audit trail of every breach notification. Built by businesses for businesses, this template turns a high-stakes legal obligation into a streamlined, repeatable process.