Data breaches are inevitable. Most breaches are the result of a cock-up rather than conspiracy. With customers becoming more aware of their data protection rights, trust in how a company handles their data is driving choice. How a business responds when the worst happens will have a great impact on that trust, and reports of the reaction to the negative publicity around recent breaches involving BA and Ticketmaster support this.
Whether a breach is reportable or not, the nature of the breach and how you respond to it must still be recorded by the business in order to show compliance with the law.
When managing a data breach, preparation is key. If your breach is reportable to the regulator, valuable time could be wasted putting a team together and deciding who should be doing what, rather than managing and controlling the effects of the breach on your business and customers. If you are not in a position to report within the 72-hour time frame, the regulator could take a range of actions, from ordering you to stop processing data for a specific purpose to issuing a monetary penalty, and both could carry a significant cost.
Take our Data Breach Readiness MOT to find out how prepared you are for the inevitable.
You have assembled your data breach response team.