Part 5 · When It Goes Wrong
5 · Respond
When something goes wrong: detecting the breach, running the 72-hour clock, and surviving a regulator investigation. This is the shortest part of the playbook because most of the work (instrumentation, logging, IAM) was already done in Parts 2 to 4. Respond is where that investment pays off, or doesn't. And a "breach" is broader than "hacker stole the database." A misconfigured S3 bucket, an accidental DELETE FROM users without a backup, or a laptop with customer emails left in a taxi all count (Art. 4(12)).