Data Breaches Are Inevitable—Ensure Your Organisation Can Properly Manage Them
Jun 13, 2022
As the world leans more and more on information technology to find innovative solutions to business challenges, the inevitability of personal data breaches rises each day. From official emails about protocols for the Queen’s death being accidentally leaked to the greetings card company Funky Pigeon being subject to a cyber attack, the accidental or deliberate loss, destruction, theft, or disclosure of, or access to, personal data has been prevalent since GDPR’s inception in 2018, and continues to hit the news headlines on a weekly basis.
Data breaches that cause detriment to individuals need to be reported to the Information Commissioner’s Office (ICO) within 72 hours, and the organisation also faces a difficult decision on whether to notify the people affected. If this deadline is missed, the ICO has the power to enforce monetary penalties your company will be keen to avoid.
In short, it’s not a matter of if a data breach will occur, but rather when it will happen. Many companies have come a long way in the past few years with the implementation of GDPR compliance processes. It is crucial that these are put to the test in a safe setting so they can be evaluated in practice and remediated or perfected before they have to be deployed in real life and in real time. However, a number of organisations still lack the tools or internal knowledge to recognise the severity of a data breach and take the correct steps to address it.
That’s where CTG can help—by offering a crucial cost-effective table-top exercise (TTX) as part of our comprehensive GDPR Solutions. During this activity, key personnel who are assigned emergency roles and responsibilities are gathered to recreate, in a non-threatening environment, various simulated emergency situations under the guidance of a facilitator.
Even if you feel your company has a stringent data breach procedure in place, it is still important to “check your parachute before jumping out of the aeroplane.” This can help you avoid unpleasant surprises and, especially, penalties for GDPR infringements.
A TTX will be able to guarantee that your workflows are optimal and productive, personnel are handling situations in an efficient and effective way, and the necessary documentation or guidance is present. As the facilitators, CTG will grade the exercise, provide essential feedback, and make any necessary suggestions to improve your breach reporting processes.
You’ll never know where the gaps lie in your breach reporting process unless you thoroughly test it. CTG can help you do just that to ensure your organisation is GDPR compliant.
If you missed our last blog about Data Protection Impact Assessments, check it out now!
Andy is a Data Privacy Consultant with more than 10 years’ experience in Data Protection, GDPR, Freedom of Information, and Law Enforcement Processing. He worked for the police for over 16 years and is interested in how privacy and information security apply to all walks of life—both business and personal. He has a certified practitioner’s qualification in Data Protection and GDPR.