What happens in the event of a security incident involving personal data?

If, contrary to expectations (this has never happened before), a security incident occurs that affects personal data, the affected customers will be informed immediately (but at the latest within 24 hours). In addition, appropriate countermeasures will be initiated immediately to eliminate the cause. If necessary, short-term workarounds will ensure that no more personal data is disclosed. If it should indeed be a data protection-relevant incident, the relevant supervisory authorities are informed immediately in consultation with the customer.