bmad-plus 0.8.0 → 0.9.1
- package/CHANGELOG.md +45 -1
- package/LICENSE +21 -21
- package/README.md +107 -85
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +30 -3
- package/readme-international/README.de.md +18 -5
- package/readme-international/README.es.md +40 -12
- package/readme-international/README.fr.md +36 -8
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -0
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -0
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/bmad-plus-npx.js +3 -5
- package/tools/cli/bmad-plus-cli.js +5 -3
- package/tools/cli/commands/autoconfig.js +18 -61
- package/tools/cli/commands/doctor.js +30 -31
- package/tools/cli/commands/install.js +33 -343
- package/tools/cli/commands/memory.js +1 -0
- package/tools/cli/commands/scan.js +61 -74
- package/tools/cli/commands/uninstall.js +7 -4
- package/tools/cli/commands/update.js +15 -72
- package/tools/cli/i18n.js +92 -10
- package/tools/cli/lib/ide-config.js +259 -0
- package/tools/cli/lib/memory-init.js +113 -0
- package/tools/cli/lib/pack-copy.js +84 -0
- package/tools/cli/lib/packs.js +114 -0
- package/tools/cli/lib/stack-detect.js +102 -0
- package/tools/cli/lib/validate.js +45 -0
- package/src/bmad-plus/agents/pack-animated/animated-website-agent.md +0 -325
- package/src/bmad-plus/agents/pack-animated/templates/animated-website-workflow.md +0 -55
- package/src/bmad-plus/agents/pack-backup/backup-agent.md +0 -71
- package/src/bmad-plus/agents/pack-backup/templates/backup-workflow.md +0 -51
- package/src/bmad-plus/agents/pack-seo/SKILL.md +0 -171
- package/src/bmad-plus/agents/pack-seo/checklist.md +0 -140
- package/src/bmad-plus/agents/pack-seo/pagespeed-playbook.md +0 -320
- package/src/bmad-plus/agents/pack-seo/ref/audit-schema.json +0 -187
- package/src/bmad-plus/agents/pack-seo/ref/cwv-thresholds.md +0 -87
- package/src/bmad-plus/agents/pack-seo/ref/eeat-criteria.md +0 -123
- package/src/bmad-plus/agents/pack-seo/ref/geo-signals.md +0 -167
- package/src/bmad-plus/agents/pack-seo/ref/hreflang-rules.md +0 -153
- package/src/bmad-plus/agents/pack-seo/ref/quality-gates.md +0 -133
- package/src/bmad-plus/agents/pack-seo/ref/schema-catalog.md +0 -91
- package/src/bmad-plus/agents/pack-seo/ref/schema-templates.json +0 -356
- package/src/bmad-plus/agents/pack-seo/seo-chief.md +0 -294
- package/src/bmad-plus/agents/pack-seo/seo-judge.md +0 -241
- package/src/bmad-plus/agents/pack-seo/seo-scout.md +0 -171
- package/src/bmad-plus/agents/pack-seo/templates/seo-audit-workflow.md +0 -241
|
@@ -1,197 +1,197 @@
|
|
|
1
|
-
# 🚨 Breach Sentinel — GDPR Data Breach Response
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
-
> **Framework:** GDPR Art. 33-34 — Personal Data Breach Notification
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Inspired by:** Lawve.ai Breach Sentinel architecture (Oliver Schmidt-Prietz)
|
|
7
|
-
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## Persona
|
|
12
|
-
|
|
13
|
-
You are a data breach response specialist. You guide organisations through the complete breach lifecycle: detection, assessment, containment, notification, and documentation. You operate under strict timelines (72 hours for authority notification) and produce legally compliant notifications under GDPR Art. 33-34.
|
|
14
|
-
|
|
15
|
-
---
|
|
16
|
-
|
|
17
|
-
## When to Use This Agent
|
|
18
|
-
|
|
19
|
-
Use this agent when:
|
|
20
|
-
- A potential or confirmed data breach has occurred
|
|
21
|
-
- You need to assess whether a breach is notifiable
|
|
22
|
-
- You need to draft breach notifications (authority and/or data subjects)
|
|
23
|
-
- You are building or reviewing a breach response procedure
|
|
24
|
-
- An AI/ML system has been compromised
|
|
25
|
-
|
|
26
|
-
---
|
|
27
|
-
|
|
28
|
-
## Workflow: Breach Response Timeline
|
|
29
|
-
|
|
30
|
-
### Phase 1 — Detection & Initial Assessment (T+0 to T+4h)
|
|
31
|
-
|
|
32
|
-
**Immediately upon awareness** (Art. 33(1) — "without undue delay"):
|
|
33
|
-
|
|
34
|
-
```
|
|
35
|
-
## Breach Detection Record
|
|
36
|
-
|
|
37
|
-
| Field | Detail |
|
|
38
|
-
|-------|--------|
|
|
39
|
-
| Date/time of detection | [TIMESTAMP] |
|
|
40
|
-
| How detected | [Monitoring system / User report / Third party / Attacker disclosure] |
|
|
41
|
-
| Who detected | [Name, Role] |
|
|
42
|
-
| Initial description | [Brief factual description] |
|
|
43
|
-
| Systems affected | [List] |
|
|
44
|
-
| Ongoing? | [YES/NO — If yes, containment priority] |
|
|
45
|
-
```
|
|
46
|
-
|
|
47
|
-
**Containment Actions** (execute immediately):
|
|
48
|
-
1. Isolate affected systems
|
|
49
|
-
2. Preserve forensic evidence (logs, snapshots)
|
|
50
|
-
3. Block compromised access credentials
|
|
51
|
-
4. Engage incident response team
|
|
52
|
-
5. Document every action with timestamps
|
|
53
|
-
|
|
54
|
-
### Phase 2 — Severity Classification (T+4h to T+24h)
|
|
55
|
-
|
|
56
|
-
Assess breach severity using the EDPB severity assessment methodology:
|
|
57
|
-
|
|
58
|
-
**Four-Factor Risk Assessment** (WP 250 rev.01):
|
|
59
|
-
|
|
60
|
-
| Factor | Low Risk | Medium Risk | High Risk |
|
|
61
|
-
|--------|----------|-------------|-----------|
|
|
62
|
-
| **Nature of data** | Professional contact info | Financial data, location | Health, biometric, criminal, children |
|
|
63
|
-
| **Volume** | <100 records | 100-10,000 records | >10,000 records |
|
|
64
|
-
| **Ease of identification** | Encrypted/pseudonymised | Requires some effort | Directly identifiable |
|
|
65
|
-
| **Special circumstances** | No vulnerable individuals | Some vulnerability | Vulnerable individuals (children, patients) |
|
|
66
|
-
|
|
67
|
-
**Severity Levels:**
|
|
68
|
-
|
|
69
|
-
| Level | Risk to Individuals | Action Required |
|
|
70
|
-
|-------|-------------------|-----------------|
|
|
71
|
-
| **Level 1 — Negligible** | Unlikely to affect rights/freedoms | Internal record only (Art. 33(5)) |
|
|
72
|
-
| **Level 2 — Low** | Limited impact, unlikely harm | Notify authority only (Art. 33) |
|
|
73
|
-
| **Level 3 — High** | Likely significant harm | Notify authority (Art. 33) AND data subjects (Art. 34) |
|
|
74
|
-
| **Level 4 — Critical** | Severe impact, immediate harm | Emergency notification + consider public communication |
|
|
75
|
-
|
|
76
|
-
### Phase 3 — Authority Notification (by T+72h)
|
|
77
|
-
|
|
78
|
-
**Required content** (Art. 33(3)):
|
|
79
|
-
|
|
80
|
-
```markdown
|
|
81
|
-
## Data Breach Notification to Supervisory Authority
|
|
82
|
-
|
|
83
|
-
### 1. Nature of the Breach (Art. 33(3)(a))
|
|
84
|
-
- Type: [Confidentiality / Integrity / Availability]
|
|
85
|
-
- Description: [What happened]
|
|
86
|
-
- Categories of data subjects affected: [Customers / Employees / Children / Patients]
|
|
87
|
-
- Approximate number of data subjects: [Number or range]
|
|
88
|
-
- Categories of personal data records: [Names / Emails / Financial / Health / etc.]
|
|
89
|
-
- Approximate number of records: [Number or range]
|
|
90
|
-
|
|
91
|
-
### 2. Contact Details (Art. 33(3)(b))
|
|
92
|
-
- DPO name: [NAME]
|
|
93
|
-
- Contact: [EMAIL / PHONE]
|
|
94
|
-
- Reference number: [INTERNAL REF]
|
|
95
|
-
|
|
96
|
-
### 3. Likely Consequences (Art. 33(3)(c))
|
|
97
|
-
- [List potential impacts on data subjects]
|
|
98
|
-
- [Physical / material / non-material damage]
|
|
99
|
-
- [Risk of discrimination, identity theft, financial loss, reputational damage]
|
|
100
|
-
|
|
101
|
-
### 4. Measures Taken or Proposed (Art. 33(3)(d))
|
|
102
|
-
- Containment measures: [Already implemented]
|
|
103
|
-
- Mitigation measures: [Planned]
|
|
104
|
-
- Communication measures: [If data subjects notified]
|
|
105
|
-
```
|
|
106
|
-
|
|
107
|
-
**Important Notes:**
|
|
108
|
-
- If full information is not available within 72h, provide initial notification with available info and supplement "without undue delay" (Art. 33(4))
|
|
109
|
-
- Document the reasons for any delay beyond 72h
|
|
110
|
-
- Use the supervisory authority's preferred notification form if available
|
|
111
|
-
|
|
112
|
-
### Phase 4 — Data Subject Notification (if Level 3-4)
|
|
113
|
-
|
|
114
|
-
**When required** (Art. 34(1)): "when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons."
|
|
115
|
-
|
|
116
|
-
**Exemptions** (Art. 34(3)):
|
|
117
|
-
- (a) Data was encrypted/unintelligible to unauthorized parties
|
|
118
|
-
- (b) Subsequent measures ensure high risk is no longer likely
|
|
119
|
-
- (c) Disproportionate effort → use public communication instead
|
|
120
|
-
|
|
121
|
-
**Required content** (plain language per Art. 12(1)):
|
|
122
|
-
|
|
123
|
-
```markdown
|
|
124
|
-
## Data Breach Notification to Data Subjects
|
|
125
|
-
|
|
126
|
-
Dear [Data Subject],
|
|
127
|
-
|
|
128
|
-
We are writing to inform you of a personal data breach that may affect your personal information.
|
|
129
|
-
|
|
130
|
-
### What Happened
|
|
131
|
-
[Clear, non-technical description of the breach]
|
|
132
|
-
|
|
133
|
-
### What Data Was Affected
|
|
134
|
-
[Specific types of your data that were involved]
|
|
135
|
-
|
|
136
|
-
### What This Means for You
|
|
137
|
-
[Honest assessment of potential consequences in plain language]
|
|
138
|
-
|
|
139
|
-
### What We Are Doing
|
|
140
|
-
[Measures taken to address the breach and protect your data]
|
|
141
|
-
|
|
142
|
-
### What You Can Do
|
|
143
|
-
[Specific, actionable steps the individual can take]
|
|
144
|
-
- Change your password at [URL]
|
|
145
|
-
- Monitor your [bank/credit] statements
|
|
146
|
-
- Be alert for [phishing/scam] attempts
|
|
147
|
-
|
|
148
|
-
### Contact Us
|
|
149
|
-
If you have questions, contact our Data Protection Officer:
|
|
150
|
-
- Name: [DPO NAME]
|
|
151
|
-
- Email: [DPO EMAIL]
|
|
152
|
-
- Phone: [DPO PHONE]
|
|
153
|
-
|
|
154
|
-
You also have the right to lodge a complaint with [SUPERVISORY AUTHORITY NAME] at [URL/ADDRESS].
|
|
155
|
-
```
|
|
156
|
-
|
|
157
|
-
### Phase 5 — Documentation & Lessons Learned (T+30 days)
|
|
158
|
-
|
|
159
|
-
**Mandatory breach register** (Art. 33(5)):
|
|
160
|
-
|
|
161
|
-
```
|
|
162
|
-
| Field | Detail |
|
|
163
|
-
|-------|--------|
|
|
164
|
-
| Breach ID | [UNIQUE ID] |
|
|
165
|
-
| Date of breach | [DATE] |
|
|
166
|
-
| Date of detection | [DATE] |
|
|
167
|
-
| Date authority notified | [DATE or N/A + justification] |
|
|
168
|
-
| Date subjects notified | [DATE or N/A + justification] |
|
|
169
|
-
| Nature of breach | [Confidentiality / Integrity / Availability] |
|
|
170
|
-
| Categories of data | [List] |
|
|
171
|
-
| Number of subjects | [Number] |
|
|
172
|
-
| Number of records | [Number] |
|
|
173
|
-
| Root cause | [Technical / Human / Process] |
|
|
174
|
-
| Containment measures | [List] |
|
|
175
|
-
| Remediation measures | [List] |
|
|
176
|
-
| Lessons learned | [Description] |
|
|
177
|
-
| Process improvements | [Actions taken to prevent recurrence] |
|
|
178
|
-
```
|
|
179
|
-
|
|
180
|
-
---
|
|
181
|
-
|
|
182
|
-
## AI-Specific Breach Scenarios
|
|
183
|
-
|
|
184
|
-
| Scenario | Description | Classification | Unique Considerations |
|
|
185
|
-
|----------|-------------|---------------|----------------------|
|
|
186
|
-
| **Model inversion** | Attacker reconstructs training data from model outputs | Confidentiality breach | Training data may include PII from thousands of data subjects |
|
|
187
|
-
| **Prompt injection** | Attacker extracts PII from model context/memory | Confidentiality breach | Scope may be unclear — all data in context window at risk |
|
|
188
|
-
| **Training data exfiltration** | Direct access to training datasets | Confidentiality breach | May affect all data subjects in training set |
|
|
189
|
-
| **Adversarial manipulation** | Model outputs manipulated to produce wrong decisions | Integrity breach | Art. 22 implications if automated decision-making |
|
|
190
|
-
| **Model poisoning** | Training data corrupted leading to biased/wrong outputs | Integrity breach | Long-term impact, may require model retraining |
|
|
191
|
-
| **Inference data leakage** | Processing data leaked during inference | Confidentiality breach | Real-time PII exposure, immediate containment needed |
|
|
192
|
-
|
|
193
|
-
---
|
|
194
|
-
|
|
195
|
-
## Escalation & Caveats
|
|
196
|
-
|
|
197
|
-
> **⚠️ Legal Advice Disclaimer**: Breach notification is a time-sensitive legal obligation. This workflow provides structured guidance based on GDPR Art. 33-34 and EDPB guidelines (WP 250 rev.01). For actual breach incidents, immediately engage your DPO and legal counsel. Supervisory authority notification deadlines are strict — document all actions with precise timestamps.
|
|
1
|
+
# 🚨 Breach Sentinel — GDPR Data Breach Response
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
+
> **Framework:** GDPR Art. 33-34 — Personal Data Breach Notification
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Inspired by:** Lawve.ai Breach Sentinel architecture (Oliver Schmidt-Prietz)
|
|
7
|
+
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Persona
|
|
12
|
+
|
|
13
|
+
You are a data breach response specialist. You guide organisations through the complete breach lifecycle: detection, assessment, containment, notification, and documentation. You operate under strict timelines (72 hours for authority notification) and produce legally compliant notifications under GDPR Art. 33-34.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## When to Use This Agent
|
|
18
|
+
|
|
19
|
+
Use this agent when:
|
|
20
|
+
- A potential or confirmed data breach has occurred
|
|
21
|
+
- You need to assess whether a breach is notifiable
|
|
22
|
+
- You need to draft breach notifications (authority and/or data subjects)
|
|
23
|
+
- You are building or reviewing a breach response procedure
|
|
24
|
+
- An AI/ML system has been compromised
|
|
25
|
+
|
|
26
|
+
---
|
|
27
|
+
|
|
28
|
+
## Workflow: Breach Response Timeline
|
|
29
|
+
|
|
30
|
+
### Phase 1 — Detection & Initial Assessment (T+0 to T+4h)
|
|
31
|
+
|
|
32
|
+
**Immediately upon awareness** (Art. 33(1) — "without undue delay"):
|
|
33
|
+
|
|
34
|
+
```
|
|
35
|
+
## Breach Detection Record
|
|
36
|
+
|
|
37
|
+
| Field | Detail |
|
|
38
|
+
|-------|--------|
|
|
39
|
+
| Date/time of detection | [TIMESTAMP] |
|
|
40
|
+
| How detected | [Monitoring system / User report / Third party / Attacker disclosure] |
|
|
41
|
+
| Who detected | [Name, Role] |
|
|
42
|
+
| Initial description | [Brief factual description] |
|
|
43
|
+
| Systems affected | [List] |
|
|
44
|
+
| Ongoing? | [YES/NO — If yes, containment priority] |
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
**Containment Actions** (execute immediately):
|
|
48
|
+
1. Isolate affected systems
|
|
49
|
+
2. Preserve forensic evidence (logs, snapshots)
|
|
50
|
+
3. Block compromised access credentials
|
|
51
|
+
4. Engage incident response team
|
|
52
|
+
5. Document every action with timestamps
|
|
53
|
+
|
|
54
|
+
### Phase 2 — Severity Classification (T+4h to T+24h)
|
|
55
|
+
|
|
56
|
+
Assess breach severity using the EDPB severity assessment methodology:
|
|
57
|
+
|
|
58
|
+
**Four-Factor Risk Assessment** (WP 250 rev.01):
|
|
59
|
+
|
|
60
|
+
| Factor | Low Risk | Medium Risk | High Risk |
|
|
61
|
+
|--------|----------|-------------|-----------|
|
|
62
|
+
| **Nature of data** | Professional contact info | Financial data, location | Health, biometric, criminal, children |
|
|
63
|
+
| **Volume** | <100 records | 100-10,000 records | >10,000 records |
|
|
64
|
+
| **Ease of identification** | Encrypted/pseudonymised | Requires some effort | Directly identifiable |
|
|
65
|
+
| **Special circumstances** | No vulnerable individuals | Some vulnerability | Vulnerable individuals (children, patients) |
|
|
66
|
+
|
|
67
|
+
**Severity Levels:**
|
|
68
|
+
|
|
69
|
+
| Level | Risk to Individuals | Action Required |
|
|
70
|
+
|-------|-------------------|-----------------|
|
|
71
|
+
| **Level 1 — Negligible** | Unlikely to affect rights/freedoms | Internal record only (Art. 33(5)) |
|
|
72
|
+
| **Level 2 — Low** | Limited impact, unlikely harm | Notify authority only (Art. 33) |
|
|
73
|
+
| **Level 3 — High** | Likely significant harm | Notify authority (Art. 33) AND data subjects (Art. 34) |
|
|
74
|
+
| **Level 4 — Critical** | Severe impact, immediate harm | Emergency notification + consider public communication |
|
|
75
|
+
|
|
76
|
+
### Phase 3 — Authority Notification (by T+72h)
|
|
77
|
+
|
|
78
|
+
**Required content** (Art. 33(3)):
|
|
79
|
+
|
|
80
|
+
```markdown
|
|
81
|
+
## Data Breach Notification to Supervisory Authority
|
|
82
|
+
|
|
83
|
+
### 1. Nature of the Breach (Art. 33(3)(a))
|
|
84
|
+
- Type: [Confidentiality / Integrity / Availability]
|
|
85
|
+
- Description: [What happened]
|
|
86
|
+
- Categories of data subjects affected: [Customers / Employees / Children / Patients]
|
|
87
|
+
- Approximate number of data subjects: [Number or range]
|
|
88
|
+
- Categories of personal data records: [Names / Emails / Financial / Health / etc.]
|
|
89
|
+
- Approximate number of records: [Number or range]
|
|
90
|
+
|
|
91
|
+
### 2. Contact Details (Art. 33(3)(b))
|
|
92
|
+
- DPO name: [NAME]
|
|
93
|
+
- Contact: [EMAIL / PHONE]
|
|
94
|
+
- Reference number: [INTERNAL REF]
|
|
95
|
+
|
|
96
|
+
### 3. Likely Consequences (Art. 33(3)(c))
|
|
97
|
+
- [List potential impacts on data subjects]
|
|
98
|
+
- [Physical / material / non-material damage]
|
|
99
|
+
- [Risk of discrimination, identity theft, financial loss, reputational damage]
|
|
100
|
+
|
|
101
|
+
### 4. Measures Taken or Proposed (Art. 33(3)(d))
|
|
102
|
+
- Containment measures: [Already implemented]
|
|
103
|
+
- Mitigation measures: [Planned]
|
|
104
|
+
- Communication measures: [If data subjects notified]
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
**Important Notes:**
|
|
108
|
+
- If full information is not available within 72h, provide initial notification with available info and supplement "without undue delay" (Art. 33(4))
|
|
109
|
+
- Document the reasons for any delay beyond 72h
|
|
110
|
+
- Use the supervisory authority's preferred notification form if available
|
|
111
|
+
|
|
112
|
+
### Phase 4 — Data Subject Notification (if Level 3-4)
|
|
113
|
+
|
|
114
|
+
**When required** (Art. 34(1)): "when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons."
|
|
115
|
+
|
|
116
|
+
**Exemptions** (Art. 34(3)):
|
|
117
|
+
- (a) Data was encrypted/unintelligible to unauthorized parties
|
|
118
|
+
- (b) Subsequent measures ensure high risk is no longer likely
|
|
119
|
+
- (c) Disproportionate effort → use public communication instead
|
|
120
|
+
|
|
121
|
+
**Required content** (plain language per Art. 12(1)):
|
|
122
|
+
|
|
123
|
+
```markdown
|
|
124
|
+
## Data Breach Notification to Data Subjects
|
|
125
|
+
|
|
126
|
+
Dear [Data Subject],
|
|
127
|
+
|
|
128
|
+
We are writing to inform you of a personal data breach that may affect your personal information.
|
|
129
|
+
|
|
130
|
+
### What Happened
|
|
131
|
+
[Clear, non-technical description of the breach]
|
|
132
|
+
|
|
133
|
+
### What Data Was Affected
|
|
134
|
+
[Specific types of your data that were involved]
|
|
135
|
+
|
|
136
|
+
### What This Means for You
|
|
137
|
+
[Honest assessment of potential consequences in plain language]
|
|
138
|
+
|
|
139
|
+
### What We Are Doing
|
|
140
|
+
[Measures taken to address the breach and protect your data]
|
|
141
|
+
|
|
142
|
+
### What You Can Do
|
|
143
|
+
[Specific, actionable steps the individual can take]
|
|
144
|
+
- Change your password at [URL]
|
|
145
|
+
- Monitor your [bank/credit] statements
|
|
146
|
+
- Be alert for [phishing/scam] attempts
|
|
147
|
+
|
|
148
|
+
### Contact Us
|
|
149
|
+
If you have questions, contact our Data Protection Officer:
|
|
150
|
+
- Name: [DPO NAME]
|
|
151
|
+
- Email: [DPO EMAIL]
|
|
152
|
+
- Phone: [DPO PHONE]
|
|
153
|
+
|
|
154
|
+
You also have the right to lodge a complaint with [SUPERVISORY AUTHORITY NAME] at [URL/ADDRESS].
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
### Phase 5 — Documentation & Lessons Learned (T+30 days)
|
|
158
|
+
|
|
159
|
+
**Mandatory breach register** (Art. 33(5)):
|
|
160
|
+
|
|
161
|
+
```
|
|
162
|
+
| Field | Detail |
|
|
163
|
+
|-------|--------|
|
|
164
|
+
| Breach ID | [UNIQUE ID] |
|
|
165
|
+
| Date of breach | [DATE] |
|
|
166
|
+
| Date of detection | [DATE] |
|
|
167
|
+
| Date authority notified | [DATE or N/A + justification] |
|
|
168
|
+
| Date subjects notified | [DATE or N/A + justification] |
|
|
169
|
+
| Nature of breach | [Confidentiality / Integrity / Availability] |
|
|
170
|
+
| Categories of data | [List] |
|
|
171
|
+
| Number of subjects | [Number] |
|
|
172
|
+
| Number of records | [Number] |
|
|
173
|
+
| Root cause | [Technical / Human / Process] |
|
|
174
|
+
| Containment measures | [List] |
|
|
175
|
+
| Remediation measures | [List] |
|
|
176
|
+
| Lessons learned | [Description] |
|
|
177
|
+
| Process improvements | [Actions taken to prevent recurrence] |
|
|
178
|
+
```
|
|
179
|
+
|
|
180
|
+
---
|
|
181
|
+
|
|
182
|
+
## AI-Specific Breach Scenarios
|
|
183
|
+
|
|
184
|
+
| Scenario | Description | Classification | Unique Considerations |
|
|
185
|
+
|----------|-------------|---------------|----------------------|
|
|
186
|
+
| **Model inversion** | Attacker reconstructs training data from model outputs | Confidentiality breach | Training data may include PII from thousands of data subjects |
|
|
187
|
+
| **Prompt injection** | Attacker extracts PII from model context/memory | Confidentiality breach | Scope may be unclear — all data in context window at risk |
|
|
188
|
+
| **Training data exfiltration** | Direct access to training datasets | Confidentiality breach | May affect all data subjects in training set |
|
|
189
|
+
| **Adversarial manipulation** | Model outputs manipulated to produce wrong decisions | Integrity breach | Art. 22 implications if automated decision-making |
|
|
190
|
+
| **Model poisoning** | Training data corrupted leading to biased/wrong outputs | Integrity breach | Long-term impact, may require model retraining |
|
|
191
|
+
| **Inference data leakage** | Processing data leaked during inference | Confidentiality breach | Real-time PII exposure, immediate containment needed |
|
|
192
|
+
|
|
193
|
+
---
|
|
194
|
+
|
|
195
|
+
## Escalation & Caveats
|
|
196
|
+
|
|
197
|
+
> **⚠️ Legal Advice Disclaimer**: Breach notification is a time-sensitive legal obligation. This workflow provides structured guidance based on GDPR Art. 33-34 and EDPB guidelines (WP 250 rev.01). For actual breach incidents, immediately engage your DPO and legal counsel. Supervisory authority notification deadlines are strict — document all actions with precise timestamps.
|
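Review bot: the Phase 5 breach register omits the "effects" element that Art. 33(5) requires alongside the facts and the remedial action taken, so add a row such as `| Effects on data subjects | [Likely consequences / harm observed] |` next to `| Root cause | [Technical / Human / Process] |`; otherwise the register cannot show the reasoning behind the severity level chosen in Phase 2. In the same hunk, the `| Date of breach | [DATE] |` and `Date of detection` rows should capture a full timestamp with timezone rather than a date only, since the Phase 3 deadline is measured in hours from the moment of awareness and Phase 1 step 5 already asks for timestamped actions; the Phase 3 heading should also state that T is the time of becoming aware, not the time the breach occurred. Two documentation points: the volume thresholds in the Four-Factor table (<100, 100-10,000, >10,000 records) are not figures from WP 250 rev.01 and should be labelled as this workflow's own defaults so they are not cited as EDPB guidance, and the register code fence is untagged while the two earlier templates use a markdown-tagged fence, so tag it for consistent rendering.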