“We are serious about the handling of personal data and keep all your data secure.” Everybody says that, don’t they? That doesn’t necessarily mean they won’t commit a personal data breach though.
Some breaches arise because of poor security that fails to keep attackers out. Others are due to carelessness or accidents by employees. Many people are becoming more sensitive to personal data breaches as GDPR gets closer, and some of my clients have contacted me recently for my assistance.
So, if you suffer a personal data breach, what should you do? Well, there’s no one-size-fits-all solution. But these are the basics:
Before a breach
- Appoint a security breach team. Make sure someone with authority sits on the team so that they can take action based on their findings
After a breach
- As soon as you become aware of a breach, assemble the security breach team. If appropriate, include someone from the department suffering the breach
- The team should start investigating the breach immediately
- Work out who the data controller is, if it is not you
- Take immediate action to stop the data security breach
- Mitigate damage that may result from the breach
- Identify whether you should notify the ICO or other regulatory body. Be aware of the changes to notification requirements under GDPR
- Do you need to inform the individual whose data is affected?
- Notify your insurer and check your insurance cover
- Check your contracts – have you or someone else breached these? Is someone else liable?
- Do you need to discipline your staff or take action against suppliers?
- Audit your security measures to prevent a breach recurring