Article 33 & Article 34
Personal data security
The aforementioned articles cover data breach scenarios that include specific guidelines for when/if individuals may need to be notified should data be compromised.
Processes to handle reporting requirements are key to compliance. In a worst case scenario, organizations need to report within 72 hours to anyone who's personal data has been affected.
Manual: Custom reports or APEX to generate a tailored version of the aforementioned data inventory report.