English briefing
Compromised processor: decisions, evidence and GDPR notification
A practical briefing on supplier-side data breaches: decisions, evidence, controller/processor coordination and CNIL notification.
This English page summarizes the French resource and keeps the same public sources and sensitive-context safeguards.
How to use this briefing
Use the French full guide as the detailed operational source, then start with scope, owner, evidence and next decision. This avoids translating sensitive or contextual details too loosely.
The English version is intentionally concise: it keeps the public-source logic, the decision path and the safeguards against exposing sensitive context.
Evidence to prepare
Clarify whether the compromised supplier is a processor, controller or joint actor.
Preserve logs, timelines, affected data categories and supplier decisions.
Prepare CNIL notification analysis without waiting for perfect certainty.
Turn the incident into supplier controls, contractual evidence and recovery tests.