With data breaches on the rise and affecting Irish organisations of all sizes, it may be time you took the GDPR (General Data Protection Regulation) seriously and began to implement a compliance plan.
Could your organisation report a breach to the DPC (Data Protection Commissioner) within the required 72 hours?
Reporting a breach within 72 hours is not easy, which is why IT Governance Europe has developed an easy six-step approach to follow:
- Situational analysis: To correctly report a breach you need to have a clear understanding of the situation. Supervisory authorities such as the DPC expect organisations to tell them as much as they can about what happened, what went wrong and how it happened.
- Assessing the affected data: Your organisation needs to know what categories of personal data were affected by the breach, and the number of records concerned.
- Describing the impact: You must describe the possible impact on data subjects as a result of the breach.
- Preventive measures, staff awareness and training: Staff awareness is key to GDPR compliance. Organisations need to state whether the staff involved in the breach received staff training before the incident. You must also describe the actions you have taken, or propose to take, as a result of the breach.
- Oversight: Organisations need to state who their DPO (data protection officer), or senior person responsible for data protection, is. This is in case the DPC has any further questions.
Take our quiz to receive a free personalised report on how #BreachReady you are.