The GDPR mandates that organisations must inform the relevant regulatory authorities on certain types of personal data breaches. You must do so within 72 hours of becoming aware of a breach. 

This mind map, taken from our  NCSC-Certified Cyber Incident Planning and Response  course, outlines several areas that an organisation must focus on to be GDPR breach ready and offers various pointers to construct an effective cyber incident response plan. Not only GDPR but also major cybersecurity standards such as ISO 27001, ISO 22301, PCI DSS recommend organisations to develop a Data Breach or Cyber Incident Response Plan.

You can download the Data Breach Response Plan Mind Map, here