Data, especially personal data, are often the crown jewels of many organizations. These assets need protection against destruction, loss, modification or from falling into the wrong hands, whether by mistake or by malicious intent. The General Data Protection Regulation (GDPR) provides the regulatory framework for how to manage and protect personal data. Under its requirements, companies have put into place organizational and technical measures to help avoid wrongful disclosure. However, sometimes these measures are not enough, and a breach of personal data occurs. With this article, we want to raise awareness about what to do when you suspect a personal data breach. If nothing else, perhaps this article can serve as a just-in-case-safety card, similar to aircraft safety instructions in seat pockets in front of you, only without the cryptic pictographs.