Managing Personal Data Breaches
GDPR has strengthened and formalised the requirements for how a data breach is responded to, the evidence gathered and the consequential accountability. This means a much higher standard of reaction and consistency of response is expected.
Since data breaches can range from misfiled reports and wrongly addressed emails through to sophisticated phishing or ransomware attacks, most organisations lack the skills, experience and expertise to deal with these incidents in a comprehensive and coherent fashion.
This is where Ixium can help on either an ad-hoc basis or as part of our DP Assure service.
Personal Information Breach Response
Given the increased volumes of personal information that are captured and used to personalise services, there is a higher risk of it being mishandled, lost or stolen. Many organisations have little experience in managing personal information breaches, in any form, making it more difficult to react to an event that occurs.
Although you should have established processes to manage incidents, many organisations do not. To react effectively you need a staged approach to quickly assess the incident, make sure the leak is blocked and determine an appropriate response. The scope and severity of the loss needs to be assessed, the organisation mobilised to fix the issue and, where necessary, data subjects and regulatory authorities notified. This is an intense set of requirements in a short time period.
The key drivers are: the scale of the breach, the type of data lost, the impact on data subjects and the operational impact. It is important to execute this triage stage, form a plan of recovery and execute it, making sure key stakeholders are informed.
Ixium has an incident response team that can help you manage your data breach. Our response will provide:
- An assessment of the scope, scale and sensitivity of the breach (triage)
- Advice and guidance on required actions, timing and implications
- A customised breach response, recovery and remediation plan
- Assessment of the need to inform the regulator
- Confidence that your regulatory obligations have been met
Throughout this process we will work with you to quickly address the breach, taking a phased approach to identification and remediation of the issue.
We created DP Assure as a service-based approach to providing privacy and data protection advice to our clients. Our aim is to be an extension of your team, acting as a trusted advisor. By getting to know you, we will be in a better position to offer you pertinent and timely advice.
As part of DP Assure, we provide advice and guidance when incidents occur, supporting you through the process. We will already have got to know your organisation, putting us in a unique position to get to the heart of the issue and offer relevant, targeted advice and recommendations to facilitate your response. This is an alternative to conventional consulting, providing you with a cost-effective approach to addressing regulatory events.
If this sounds interesting, see DP Assure for more information.