The WP 29 provides examples of steps that controllers and processors can take to meet their obligations under the data breach notification and communication requirements. For instance, the WP29 points out that the focus of any breach response should be on protecting individuals and their personal data. Therefore, controllers and processors are encouraged to put in place processes that 1) can detect and contain a breach, 2) assess the risk to individuals, 3) determine whether it is necessary to notify the competent authority, and 4) communicate the breach to the individuals concerned (where necessary). The guidelines also include a (non-exhaustive) list of examples of personal data breaches and who to notify, as well as a flowchart showing notification requirements.