It seems like we hear about yet another data breach on a daily basis, with recognised companies such as Ticketmaster and Dixons Carphone – to name but a few – suffering at the hands of criminal hackers.
If you think it only happens to large organisations, think again.
Since the EU’s GDPR (General Data Protection Regulation) came into effect in May, the DPC (Data Protection Commissioner) has dealt with 60 reports of data breaches logged by organisations and more than 1,300 GDPR queries.
Data controllers are now required to notify their supervisory authority (for Ireland, the DPC) of personal data breaches presenting a risk to data subjects’ rights and freedoms, and must do so within 72 hours of becoming aware of the breach. They must also notify the data subjects themselves “without undue delay” if there is a high risk to their rights and freedoms. The general public’s growing awareness of their individual rights could account for the rise in queries being received by the DPC.
The GDPR’s mandatory notification requirements are likely to pose significant challenges to many organisations and will require careful planning to ensure compliance.
IT Governance Europe has a range of tools and services available, from helping to prevent a breach, to training staff, to preparing your organisation for potential breaches.
To help Irish organisations get #BreachReady this summer, we are offering up to 20% off selected data protection and incident response solutions.