Data Breach Readiness ‘MOT’
Data breaches are inevitable. Most breaches are as a result of cock up, rather than conspiracy. With customers becoming more aware of their data protection rights, trust in how a company handles their data is driving choice.
How a business responds when the worst happens will have a great impact on that trust. Take our Data Breach Readiness MOT to find out how prepared you are for the inevitable.
You have assembled your data breach response team.
Please note that your MOT result is not recorded by us, as we want to keep data collection to a minimum. However, here’s an indexed guide to give you an idea of what we would recommend in relation to each outcome.
— READINESS INDEX —
Good Level of Readiness: Based on your answers it looks like you may be all set to deal with a breach when it happens. Consider running a live enactment scenario to rehearse and refine your response plan.
Good Progress Towards Readiness: You’re well on the way to being ready, and there are perhaps only matters of staff training, or finalising your breach response plan to deal with.
Some Gaps in your Readiness: Your responses indicate that there are quite a few gaps in your breach approach. You could benefit from a Risk Assessement to help identify weaknesses, looking primarily at the areas where you were unable to ‘Agree’ or ‘Strongly Agree’.
Low Level of Readiness: The responses suggest a package of actions are necessary to address the readiness shortfall. Start by undertaking a full Breach Risk Audit to identify the areas of greatest risk, and prioritising the actions to get you to readiness.
Remember, when managing a data breach, preparation is the key. If your breach is reportable to the regulator, valuable time could be wasted in putting a team together and deciding who should be doing what, rather than managing and controlling the effects of the breach on your business and customers.
If you are not in a position to report within the 72 hour time frame, the regulator could take a range of actions, from ordering you to stop processing data for a specific purpose, to issuing a monetary penalty – and both could see a significant cost. If you’d like to steer a course that reduces your exposure, click the call back button for one of our advisors to contact you.