Has your organization taken measures to ensure your data is safe? Do you have a response plan ready to deal with potential data breaches in a structured, efficient way? If you’re not answering “yes!” to both of those questions, here’s what we suggest you do to become breach ready.
First, what counts as a data breach? Is it emailing an invoice to the wrong person? Well, according to the GDPR, a personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed”. So a breach might come from an external source – cyber criminals who specialize in hacking or phishing. But it could also come from inside the organisation. Perhaps an absent-minded, overworked co-worker e-mails personal data to the wrong person, or forgets their phone on the train home.
Either way, the GDPR places a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority. To decide whether you need to report a breach, take a close look at the following factors:
- What type of breach is it?
- What is the nature, volume and sensitivity of the compromised data?
- Is it easy to identify the affected data subjects? What are the consequences?
- Who are those affected?
To get an understanding of what questions the authority will ask and what your response plan should look like, read our whitepaper. It also includes handy checklists to make sure you are breach ready!