If a breach is detected, as part of our requirements under Article 33 of the GDPR, we must determine how the breach occurred in the first instance and how we intend to mitigate this risk in the future. This analysis is then used to update any existing documentation and documented procedures to bring them up to date.