The EU GDPR (General Data Protection Regulation) requires all data controllers to report certain types of personal data breaches to the relevant supervisory authority. In Finland, this is the Tietosuojavaltuutetun Toimisto (Office of the Data Protection Ombudsman). You must report the breach within 72 hours of becoming aware, where feasible.
You can report breaches by completing an online personal data breach report form.
Finding out what the breach is, who has been affected, how extensive it is and how it happened – all within 72 hours – is not easy, especially when organisations want to use this time to start fixing damage caused by the breach.
Your reputation is on the line: How can IT Governance help?
The simple fact that no two organisations are ever the same means there can be no one-size-fits-all approach to the GDPR. To help you develop a successful and secure organisation, IT Governance has developed a portfolio of GDPR solutions to align with your business requirements and budget.
What happened? Tell Tietosuojavaltuutetun toimisto as much as you can about what happened, what went wrong and how it happened.
Quickly respond to any cyber incident with a cyber incident response programme, enabling you to effectively prepare for, respond to and follow-up after any data breach. This service is based on the best practice cyber security incident response framework developed by CREST and ISO/IEC 27035.
Find out how to effectively manage and respond to a disruptive incident and take appropriate steps to limit the damage of a potential disruption with this one-day training course.
Assessing data that is affected
How many personal data records have been affected? How many data subjects could be affected?
This service provides a thorough audit of the personal data in your organisation and a data flow map that will help you identify where your data resides. This will help you to implement targeted measures to reduce your risk of an information security breach.
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.
Describing the impact: potential consequences
Explain the possible impact on data subjects. Was there any harm as a result of the breach?
Determining the likelihood and impact of a data breach is best done through a comprehensive information security risk assessment, enabling you to take appropriate action. Suitable for organisations of all sizes, vsRisk™ is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessment.
Reporting on staff training and awareness
Did the staff member involved in the breach receive data protection training in the last two years?
This simple-to-use, interactive GDPR staff awareness e-learning course for employees introduces the GDPR and the key compliance obligations for organisations. It aims to provide a complete foundation on the principles, roles, responsibilities and processes under the Regulation.
The interactive information security staff awareness e-learning course teaches employees about the most important elements of information security, and aims to reduce the likelihood of human error by familiarising non-technical staff with security awareness policies and procedures.
This unique GDPR training programme provides a comprehensive introduction to the requirements of the GDPR, and a practical guide to planning, implementing and maintaining a GDPR compliance programme.
Preventive measures and taking action. Addressing the problem
Describe any measures you had in place to prevent a breach of this nature.
Explain the actions you have taken, or propose to take, as a result of the breach. Where appropriate, include actions you have taken to fix the problem and to mitigate any adverse effects.
ISO 27001 is the world’s leading information security standard, trusted by thousands of organisations. These ISO 27001 implementation bundles consist of a specially formulated combination of bestselling tools, hands-on guidance and trusted resources that will help you implement an ISO 27001-compliant ISMS (information security management system) from start to finish.
With prices starting from as little as €300, the Cyber Essentials scheme provides organisations with a cost-effective assurance mechanism to help reduce risk and demonstrate that the most important basic cyber security controls have been implemented.
Our penetration testing packages provide a complete security testing solution for your websites and IT systems. The fixed-cost packages are ideal for small and medium-sized organisations, or those with no prior experience of security testing.
About you: oversight
The ICO requires you to identify the DPO (data protection officer) or senior person responsible for data protection in your organisation.
DPO as a Service is a practical and cost-effective solution for organisations that don’t have the data protection expertise and knowledge to fulfil their DPO obligations under the GDPR.
Why choose IT Governance?
- We have an in-depth understanding of the GDPR's requirements and how they can best be met.
- We provide a complete compliance support service to help organisations prepare for and adapt to the GDPR.
- Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
Speak to an expert
Please contact our team for advice and guidance on our products and services.
Terms and conditions:
Our offer is available only through www.itgovernance.eu or by contacting our customer service team at firstname.lastname@example.org or on 00 800 48 484 484 until 31 October 2018. The following terms apply:
- This offer cannot be used in conjunction with any other offer.
- The discounts in our offer are applicable as follows:
- 10% discount applicable on purchases between €5,000 and €14,999 (excluding VAT and shipping).
- 15% discount applicable on purchases between €15,000 and €29,999 (excluding VAT and shipping).
- 20% discount applicable on purchases between €30,000 and above (excluding VAT and shipping).
- The offer is available only on the products listed here
- IT Governance Europe operates on a first come, first served basis for training course and consultancy offerings.
- IT Governance Europe reserves the right to remove products and services from the offer, subject to the availability of trainers and consultants. Any refunds through the Service Centre will take into account the above discount.
- We reserve the right to terminate this offer earlier than the date stated in this advertisement.