As set out in our previous blog, the first thing you should do is work out what you mean by “breach”.
The aim of this blog is to briefly set out what to do when you experience a security breach. However, we can help in other instances as well.
What do I do?
1. Work out what has happened – For example, what data is involved, what has happened to the data, how many individuals are affected? If you don’t know what has happened, you can’t properly assess the impact!
2. Contain the breach – At a recent ICO talk aimed at small businesses, which Lawpoint attended, the ICO made it clear that although there is a deadline to report to the ICO, your number one priority should be containment of the breach.
3. Assess the risk – Whether or not a breach is notifiable will depend on whether there is a risk to individuals. We do this for our clients and understand that it isn’t easy to assess the impact, but the ICO has released a webinar to help guide this process – available here: https://ico.org.uk/for-organisations/webinars-and-podcasts/?utm_source=twitter&utm_medium=iconews&utm_term=edf354bf-9254-4121-9cf8-d73f87e40599&utm_content=&utm_campaign=
4. Follow up – Once you’ve worked out what happened and why, how are you going to prevent it happening again (or reduce the likelihood of it)? You’ll be expected to do this and demonstrate what you’ve learnt.
Can you help?
We have released a GDPR breach helpline.
We appreciate that, in light of the 72-hour deadline, it can be stressful to deal with a breach. The aim of our helpline is to give you an initial view and possible next steps for £50 + VAT. We can get further involved for an additional cost (such as impact assessing the breach), but we wanted to provide organisations with an initial sounding board when they need it, with the knowledge that it’s a fixed price.