Incident triage checklist sheet
Pair with: DPDP-aware incident response playbook · Official resources · Chapter map
Use this as a field worksheet during or right after an event, with one row per incident ID. It does not replace legal review, security tooling, or statutory duties; see "When to involve counsel".
Suggested columns
- Ticket / incident ID and opened time (timezone)
- Reporter and channel (support, security, vendor, internal)
- Systems and data stores named; personal data categories suspected
- Containment actions taken (with owner initials)
- Evidence location (log IDs, export paths—approved repos only)
- Legal / comms / customer touchpoints pending
- Next update time for internal stakeholders
Quick triage prompts
- Is this purely technical with no personal data, uncertain, or confirmed personal data?
- Who is the technical DRI, the privacy DRI, and the comms DRI for this ticket?
- In one short paragraph, what is confirmed and what is still unknown?
- Has anyone contacted customers or regulators yet? If yes, loop in counsel.