# "How to"s # How to report a data breach **- Who reports**: Any **employee** of DOME's partners, or any data subject that might have been affected by a data breach in a processing activity that relates to the DOME project, who becomes aware of an incident must immediately report the incident. In addition, the identification of an incident may occur through sources internal or external to DOME. - **How and when to communicate** : This communication will be done **within the first 24 hours after the occurrence of the incident **by sending an email to the Privacy Helpdesk to the mailbox . - **What is communicated**: It is essential that as much information as possible is provided in detail to the Privacy Helpdesk staff about what has happened. The communication should contain the following minimum information and answer the following questions: - - When: Day and time when the incident occurred and when it was recorded. - Where: place where the incident occurs. - What: description of what happened in the incident, description of the actual and potential consequences, equipment, systems and data categories affected, facts related to the incident. What kind of personal data was affected (e.g., health data, religion, sexual orientation, data of minors, fingerprints, images, voice or data on union membership). - How much personal data may have been compromised? - Who: companies involved, people involved. - Any other information you consider relevant. # How to request a data removal A data subject might submit a data removal or data erasure request by electronic means at any time. This data removal request will be addressed to the following address : The data subjects will be informed of the need to include in its request's subject "EXERCISE OF RIGHTS DOME", in order for the Partner to be able to identify the processing activity it relates to. Data subjects will also be permitted to act on their rights via postal service requests to a particular Partner, however, in this type of requests they will also necessarily need to include in its subject "EXERCISE OF RIGHTS DOME". In any and all formats, the data subject will necessarily need to specify the data protection right that they are requesting, which will mean that we recommend that the request's subject will actually contain the following phrase : "EXERCISE OF DATA REMOVAL DOME". When the data subject submits the request by electronic means, and unless the data subject requests otherwise, the information necessarily contained in the response will be provided in a commonly used electronic format. **** # How to request a data update A data subject might submit a data update request by electronic means at any time. This data update request will be addressed to the following address: The data subjects will be informed of the need to include in its request's subject "EXERCISE OF RIGHTS DOME", in order for the Partner to be able to identify the processing activity it relates to. Data subjects will also be permitted to act on their rights via postal service requests to a particular Partner, however, in this type of requests they will also necessarily need to include in its subject "EXERCISE OF RIGHTS DOME", as was also obliged in the electronic format. In any and all formats, the data subject will necessarily need to specify the data protection right that they are requesting, which will mean that we recommend that the request's subject will actually contain the following phrase : "EXERCISE OF DATA UPDATE DOME". In the body of the request, they will need to specify the data that they wish to modify, When the data subject submits the request by electronic means, and unless the data subject requests otherwise, the information necessarily contained in the response will be provided in a commonly used electronic format. **** # How to report a provider data breach **- Who reports**: Any **employee** of DOME's partners, or any data subject that might have been affected by a data breach in a processing activity that relates to the DOME project, who becomes aware of an incident must immediately report the incident. In addition, the identification of an incident may occur through sources internal or external to DOME. - **How and when to communicate** : This communication will be done **within the first 24 hours after the occurrence of the incident **by sending an email to the Privacy Helpdesk to the mailbox . - **What is communicated**: It is essential that as much information as possible is provided in detail to the Privacy Helpdesk staff about what has happened. The communication should contain the following minimum information and answer the following questions: - When: Day and time when the incident occurred and when it was recorded. - Where: place where the incident occurs. - What: description of what happened in the incident, description of the actual and potential consequences, equipment, systems and data categories affected, facts related to the incident. What kind of personal data was affected (e.g., health data, religion, sexual orientation, data of minors, fingerprints, images, voice or data on union membership). - How much personal data may have been compromised? - Who: companies involved, people involved. - Any other information you consider relevant. # How to get in touch with the DPO The DOME Project's Data Protection Officer has been set up as a Data Protection Board, made up of representative from a member of each Work Package Leader, as well as representation from the Privacy&Ethics by Design Officer. The Data Protection Board can be reached at .